The recent attempted bombing of Northwest Airlines Flight 253 has me concerned on many levels. I actually cannot decide which is worse: the attempted bombing, or TSA's response.
The First Failure
The first failure is obvious: A man with a bomb got on board an airplane. This, by itself, is enough to identify massive failures in the entire screening process.
There are people who have pointed out that he did not board at a US airport. However, other countries screen passengers at foreign airports. You cannot board an El Al flight without undergoing their rigorous screening process. Qantas screens passengers before they head to Australia. And China Airlines has their screening process. Either TSA is not doing this and they should, or they are doing this and they failed.
Screeners also missed obvious clues. For example, he had no checked bags and only a small carry-on for an intercontinental flight. Did he even have a jacket? (Detroit is cold this time of year.) He mentioned traveling for a "religious ceremony". According to Jihad Watch, Muslim extremists who are suicide bombers refer to their martyrdom as a "religious ceremony" (because they are about to marry 72 virgins). And details like paying for his ticket with cash, recent travel to Yemin, and warnings from his own father were ignored.
But the failures do not end there. The bomber failed -- not because of security screeners and checkpoints, but because of his own incompetence. It was only through passenger vigilance and quick action that it was not worse. And it wasn't a US passenger who saved the day! It was a flying Dutchman named Jasper Schuringa. While Jasper is a true hero (and the flight was lucky to have him on board), this is clearly not a US success.
With all of these failures, I am dumbfounded by Homeland Security Secretary Janet Napolitano stating that the system worked.
Granted, she is talking about after the attempted bombing. After he tried to bomb the plane, all of the communications that were in place worked! That's like saying "After the drunk driver was stopped at three DUI checkpoints, he sideswiped twelve cars, ran over five pedestrians, and flipped his vehicle. The police were dispatched and successfully removed the man from the wreckage and took him into custody." There were far too many failures leading up to the part that worked. I think it is time for Janet to be replaced.
But it gets worse
Now we reach the point where we can only laugh at the incompetence. The screeners failed. The background check failed. The "terrorist watchlist" failed. In-air security failed.
We're beginning to learn that the US government was warned by the bomber's father -- he thought his son had fallen in with extremists. Of course, I can fully see how government officials could have ignored this warning. The alert probably looked something like this:
Date: June 15, 2009
Subject: Urgent Message! Please Call Me Or Email !!+++
DEAR US EMBASSY,
MY NAME IS ALHAJI UMARU MUTALLAB. I AM THE FATHER OF UMAR FAROUK ABDULMATALLAB AND I AM THE RETIRED CHAIRMAN OF ONE OF NIGERIA'S TOP BANKS. I NEED YOUR HELP...
Electronics. There are no reports of Abdulmutallab carrying any electronics. So... TSA tightened restrictions on the usage of electronic devices.
Luggage. Passengers are no longer allowed to access their personal belongings in overhead compartments... even though there are no reports of Abdulmutallab doing this. In fact, Abdulmutallab reportedly only had a small carry-on, and small carry-ons are supposed to go under the seat in front of you.
Moving about. Passengers are no longer permitted to stand up during the last hour of the flight. Previous flights had a 30-minute window, now it is 60 minutes. Does TSA think that airline bombers won't try to blow the plane 90 minutes before landing?
Blankets. The only new rule I can almost understand: Abdulmutallab tried to light the bomb in his lap. So, no blankets covering laps. I've been on some really frigid flights, so this will become interesting. Can I still wear my jacket if it covers my lap? What about a Snuggie? People wear these on planes...
Then again, TSA just had to make this funny. They decided that "At the captain's discretion, passengers can once again have blankets and other items on their laps or move about the cabin during the tail end of flight." Yet, the cockpit door is supposed to be closed and locked during the entire flight. So... how can the captain review the situation and make a blanket determination?
Richard Reid attempted to blow up an airplane with explosives hidden in his shoes. TSA responded by requiring all passengers to remove shoes for screening. Abdulmutallab hid explosives in his underwear. So logically...
There is a phrase that has been popping up in the media for the last few weeks. "Stop interfering." The accusation has come from Iran and North Korea, and has been directed at the United States, UK, and most European nations.
If you believe the Western media, then our only interference has been on reporting actual events and not the fiction that the Iranian and North Korean governments keep spouting. However, neither country has actually specified the type of interference... Maybe the interference really does exist.
Twins
If you look at the timeline of events, there are a number of interesting similarities between North Korea and Iran. And the alignment of events is far too coincidental.
Missiles. Both North Korea and Iran have both been testing missiles. Both have had missile failures, and both reported the failures as if they were successes. (I still like that "subaquatic orbit" comment concerning North Korea's satellite. Although, Iran's launch that never happened is also a good one.)
Old Photos. Both countries use media manipulations to support their official government statements. In particular, both use undated and provably old photos to support false statements about alleged recent events. I've been reading many news articles from official, government-operated Iranian news outlets. Most stories support the text with old photos. In many cases, photos are timestamped days, weeks, or months earlier. Don't believe me? Look at Iran's Fars News Agency, IRIB, and Tehran Times. The same goes for North Korea's KCNA. The only time the pictures seem current are when the media is seen in the audience.
Nuclear Power. Both countries want to be nuclear powers, both claim to not be making weapons, yet both have facilities for refining (weaponizing) uranium. In the case of North Korea, they occasionally threaten using nuclear weapons.
Transferring power. Both countries are in the midst of a power struggle. In Iran, there are protests about election fraud, mistreatment of constituents (beating and killing protesters), and threats to crush any uprising. In North Korea, Kim Jong Un has been named the successor to Kim Jong Il.
Fake votes. By now it should be obvious to everyone: The Iranian election was a sham. Nobody can count that many votes that quickly. Strong contenders do not lose in their hometowns by a landslide. And the election counts that were eventually released were statistically improbable -- these were fake numbers "randomly" generated by a human and not real vote counts. Why, I haven't seen an election this fake since... North Korea. Last April, Kim Jong Il was re-elected with nearly 100% of the votes.
Common Ground
North Korea and Iran have much more in common than just media manipulations, oppressive governments, hostility toward neighboring countries, and voter fraud...
Iran always wanted nuclear weapons. Eventually they made an offer: they will give oil to any countries that helps them achieve this goal. In the 1980's, North Korea stepped up. Guess who is a major oil provider to North Korea? You got it: Iran.
For example, in October 2006, North Korea demonstrated nuclear capabilities by doing a test explosion. By early 2007, the oil began to ship from Iran to North Korea. 2007 was also when North Korea shut down one of their nuclear reactors and Iran increased their uranium refinement. (Anyone want to guess where Iran got the parts from? I'm guessing a closed-down facility from North Korea.)
Just to make sure this is clear: North Korea wanted oil, Iran wanted nuclear capabilities. In October 2006, North Korea demonstrated a working facility. In Feb 2007 they closed the facility, and sent the parts to Iran (April 2007). In return, Iran began shipping lots of oil to North Korea in early 2007.
But it did not start there...
North Korea needed help making missiles. Who helped them? Iran. According to a 2003 report from the LA Times:
North Korean military scientists recently were monitored entering Iranian nuclear facilities. They are assisting in the design of a nuclear warhead, according to people inside Iran and foreign intelligence officials. So many North Koreans are working on nuclear and missile projects in Iran that a resort on the Caspian coast is set aside for their exclusive use.
And which countries keep telling the US, UK, and EU to "Stop interfering"? North Korea and Iran.
Can you hear me now?
So what is this interference? The US, UK, and other EU nations have taken a stance to police the waters. As sanctions are levied against North Korea, it becomes more difficult to transfer anything between North Korea and Iran.
Adding to their concern, the United States, UK, and EU have amassed a significant number of troops in Iraq and Afghanistan. If you look on a map, then you will see that this effectively surrounds Iran. They cannot easily ship over the water, and secretive land-based shipments between Iran and North Korea are almost certain to be intercepted. "We're fighting terrorists..." uh, yeah, that's one reason to be there.
Are we interfering with North Korea and Iran's ability to work together and work secretively? Yes. Should we continue? Definitely. Together, they have managed to share weapon technologies and are increasing their threats against neighboring nations. Both nations are rapidly progressing beyond saber rattling toward all-out-war.
Finally, neither North Korea nor Iran give specifics about how we are interfering. For example, Ahmadinejad recently told the US to "stop meddling" in their affairs. The claim is that we are interfering with their election protests. However, they don't specifically say how we are interfering. I believe this is because they don't want to admit that we are hindering their abilities to construct nuclear missiles and attack their enemies.
Considering that both countries are actively testing missiles and North Korea keeps testing nuclear explosions, I kind of think that they are planning for the post-development phase. Think about it: first you make the weapons, then you use the weapons to remove all interference.
I thought the world had undergone a dramatic change last October. It wasn't the election that had me concerned, nor the economy, banks folding, massive layoffs, nor even threats from Iran and North Korea. No -- this was much more serious: Mother's Cookies declared bankruptcy.
Mother's Cookies -- with their colorful, icing covered circus animals -- were part of my childhood. They were always around for special occasions, from my first day at kindergarten to the post-dissertation party for my Ph.D. So you can imaging my shock last October when the grocery store had red signs that said "Discontinued Item" in front of the Circus Animals, Double Fudge, Vanilla Creme, and other treats that I associate with "Victory!"
However, things are never quite like they seem. Last weekend we went grocery shopping and saw six shelves full of Mother's Cookies! "Huh? I thought they went out of business?" Turns out, they did. But last December they were purchased by Kellogg, who restarted production. The cookies began hitting the shelves last month, and arrived here last week. This revival of my favorite treat by Kellogg brings a new meaning to "They're GRRREAT!"
Just when you think you know how something is going to end, events make a sudden, abrupt turn, keeping you on your toes.
Iran's Election
Last Friday (12-June-2009) was the election day in Iran. Just as the world watched the US election and hoped for a president better than Bush, everyone was watching Iran and hoping that Mahmoud Ahmadinejad, the holocaust-denying, war mongering, lunatic would be voted out of office.
The initial reports were staggering: early estimates said that 50%-75% of voters had turned out. They later revised it to around 80%. To put this into perspective, the voter turnout for the "Obama vs McCain" general election was around 62%, and that was the largest turnout ever. Iran had so many voters that they extended the voting hours twice, just to accompany the long lines of people.
Unlike most open countries, Iran does not permit external monitors to ensure a fair election. But unofficial exit surveys were showing that Ahmadinejad was losing -- and it would be a landslide victory for the challenger, Mir Hossein Mousavi. However, the media seems to have been eating their cookies too soon...
Shortly after the vote counting began, it was announced that Ahmadinejad had a strong lead. Mousavi accused Ahmadinejad of blatant voter fraud. Shortly after that, riots started in Iran. And I'm not talking about a small crowd of angry people -- this is a full blown revolution with government crackdowns and violence. Reports even surfaced of Mousavi being placed under house arrest. While Iran's state-run paper denies the arrest.
During the 1989 uprising in Tianamen Square, China attempted to keep the world in the dark by censoring the media. Well, Iran seems to have tried to follow suit. Shortly after reports of the rioting surfaced, Tehran's cell phone service went offline and media was blocked from reporting the news. According to one report:
The British Broadcasting Co. said that electronic jamming of its news report, which it said began on election day Friday, had worsened by Sunday, causing service disruptions for BBC viewers and listeners in Iran, the Middle East and Europe. It said it had traced the jamming of the satellite signal broadcasting its Farsi-language service to a spot inside Iran.
However, in today's always-connected world, censorship is not an option. Reports have gotten out through twitter, Facebook, MySpace, Picasa, and dozens of other online services. Iran may not want the world to know about the fraud, riots, and crackdown, but the world still knows.
Like I said: Just when you think you know how something is going to end, events make a sudden, abrupt turn, keeping you on your toes.
North Korea
Not to be out done, North Korea is still threatening nuclear war amid claims that Kim Jong Il's son, Kim Jong Un, will be the next leader.
Considering all of the craziness going on, you just know that the transition won't be as peaceful as the media describes.
Like any good movie, we're just at the end of Act I. Obama is the new President, Iran just had elections, North Korea is transferring power to a new leader, and Mother's Cookies has returned from the dead. Act II will begin with an unexpected twist, and lead to a head-on confrontation with a series of challenges -- each more difficult than the last. But remember: Act III is where the real ride begins.
North Korea has been busy this last week. First, then conducted a nuclear test on 25-May-2009. This underground test registered as a 4.7 earthquake with a depth of 0km (surface). The test was conducted within 60 miles of two major North Korean cities. For a comparison, the nuclear tests conducted by the US in Nevada in 1951 were 100 miles from the nearest city (Las Vegas).
This particular nuclear test was likely a reaction to more sanctions from the U.N. Security Council. Last month North Korea explicitly threatening to perform more nuclear tests if they did not receive an apology.
Following the test (they said they would and they did), they have since threatened to retaliate if anymore sanctions are made against them.
The big question is, what is going on with North Korea?
Childish
This seems like child-logic to me. If you do something bad, then you'll be punished. So you threaten to do more bad things until the punishment ends.
This type of cyclical logic (do bad, get punished, do more bad to get even, get punished again, etc.) can only end one way: with a blinding flash of light.
What we really need to do is understand the underlying cause and address it...
Blame Mexico!
If you believe the North Korean News Agency, KCNA, Kim Jong Il went to Mexico to celebrate the Worker's Party... and nobody noticed!
This event reportedly happened on May 20th. One would think that if a world leader visited another country then there would be at least one picture or one news report. So far, none have turned up.
The news report also cites "Juan Campos Vega" of the Mexican Institute for the Study of the Juche Idea as a speaker. I find it odd in this day and age, I can find no mention of this institute and no mention of this person except in reports from North Korea. (Fake visit with fake speakers?)
Following this "trip to Mexico", North Korea began nuclear testing and missile launching. Must be the water...
Theories
North Korea is a very secretive country. Without any official statement, the mass media and governments are left speculation about what is really going on. Some theories so far:
Gimme Help. Historically, the UN has relaxed sanctions in response to threats from North Korea. This could be another attempt at lessening sanctions.
Power Struggle. There may be a power struggle in North Korea between potential successors. The nuclear test may have actually been an effort to win over the military.
Along with the power struggle theory is a news report from North Korea that lists martyrs recently buried at the national cemetery. The dead people include Kim Hwan (former chemical industry minister and vice premier since 1993) and Rim Ho Gun (department director of the Central Committee of the Workers' Party of Korea) and vice department directors (Pak Sung Su and Kang Kil Bong). Each of these people were either in the line of succession, or influential in the selection of a successor.
My Theory
I have another theory... Perhaps Kim Jong Il is already dead.
We know that KJI had a stroke last year. And pictures of him that can be timed as post-stroke show him looking gaunt and in poor health.
If he is already dead, then there are good reasons to want a war to start. For example, having a god-like emperor die of old age is not anywhere as honorable as being killed in battle. So if any foreign nation does so much as toss a pebble, North Korea can say KJI sacrificed his body to save his country. (Quick! Defrost the corpse and move it to where the missile hit!) This is kind of like Suicide By Cop except that he's already dead.
Unfortunately, nobody has retaliated with weapons yet. It is hard to appear threatening when the world treats you like a kitten.
Following his death, a war could also be used to show how great he was. "Look! He managed to keep the country safe while he was alive!" Then, the next leader can calm things down and look equally great. (Well, can anyone ever be an 'equal' to the great Kim Jong Il?)
Something significant is definitely going on with North Korea. Besides their overt actions that appear threatening in the news, also watch for the more subtle stuff, like statements about things that did not happen, the timing of changes in government departments, and important reports that lack interesting details. It is as much about what they don't say, as what they do say.
The blog title is meant to allude to the movie "A Weekend at Bernies" where they carry a corpse to parties, and not Bernie Madoff who scammed the world.
The media has been all over a newly disclosed 'secure' operating system from China called 'Kylin'. ZD Net, The Inquirerer, and MSN (to name a few) all have articles about this 'unhackable' operating system.
Assuming that such as system exists, it means that existing cyber efforts against Windows, Mac, and Unix systems would be pointless since we're focusing on the wrong systems. There has even been speculation about whether Kylin is actually a hardened version of Linux or BSD.
Your download has 12 minutes remaining...
My thought is: why speculate when I can actually download Kylin and look for myself.
Kylin has their own web site at http://www.kylin.org.cn/. The site includes news, updates, and forums. Although the download links are currently disabled, you can find mirrors easily enough. Search Google for "KYLIN-2.1-1A.iso" and "KYLIN-2.1-1B.iso".
Considering that there are open forums for a live community, this hardly seems like a secret weapon.
Inside the ISOs
I've begun going over the Kylin ISOs (dated 2006) and so far, nothing looks like a cyberthreat. Unless they slid some malware inside one of the RPMs, there is nothing dangerous here.
Oh yes: I said 'rpm', as in 'RedHat Package Manager'. The speculation is a focus on FreeBSD. But this uses the RedHat/Fedora packaging system. (By default, BSD uses 'ports' as the package installer, and not rpm.)
I had previously written about various custom Linux distros. A distribution is a collection of otherwise-disconnected packages. Most distributions are customized for a particular field or purpose. For example, "Edubutu" is Ubuntu for educational environments, RedHat focuses on Linux with corporate support, and NetBSD focuses on stability and security. Other distros are tuned for a particular purpose (everything from game-specific configurations to religious and astronomy).
From what I can tell, Kylin (circa 2006) is nothing more than Redhat/Fedora tuned for the Chinese language and it includes a large number of optional packages already available to the online community. Just as Ubuntu selected the packages considered "Best" for their distribution, it seems that Kylin has also just collected various packages and preconfigured them.
To reiterate: The Kylin packages all include standard open source and public packages which have been brought onto one system for easy installation.
Some things that Kylin includes:
Font sets, X11, and Gnome configured for Chinese.
Standard crypto libraries. Some Linux distributions do not include them by default because of munitions and export restrictions. China does not have those issues, so they packaged up crypto-utils-2.0-4.i386.rpm and a few other packages.
Various communication protocols like PPPoE, PPP, OSPF, and RADVD. Basically, it looks like the distro wants to have the option to connect to anything.
Various archive files. They include things like rar-2.90-2.i386.rpm (support for Windows RAR archives).
Various media players. They include RealPlayer10GOLD-10.0.5.765-20050513.i386.rpm and other media players. Basically, they want to play anything.
VMware. (Always good to have an emulator available.) I don't know if packaging a distro with VMware violates the VMware licensing, but that's between VMware and China. (Same goes for including the RealPlayer package...)
In fact, beyond a few configuration files, a PDF on installation, and a splash-screen logo, I'm not seeing anything that is not obviously from some standard open source or publicly available package.
Technically, Kylin seems to use the Mach kernel (same family of kernels used in both BSD and Mac OS X systems). The most interesting aspect is that it includes LuValley -- a virtual machine monitor. From the description:
Luvalley is a Virtual Machine Monitor (VMM) spawned from the KVM project, because its part of source codes are derived from KVM. However, its overall architecture is completely different from KVM, but somewhat like Xen. Luvalley runs outside of Linux, just like Xen's architecture, but it still uses Linux as its scheduler, memory manager, physical device driver provider and virtual IO device emulator. Moreover, Luvalley may run WITHOUT Linux. In theory, any operating system could take the place of Linux to provide the above services. Currently, Luvalley supports Linux and Windows. That is to say, one may run Luvalley to boot a Linux or Windows, and then run multiple virtualized operating systems on such Linux or Windows.
The Kylin distribution seems to provide a lot of optional software. Considering all of the network services that they will be opening, including all of the network service announcement daemons, and all of the file formats and optional plugins (like most plugin modules for Apache), I'd actually say that Kylin is potentially LESS secure that other distributions.
What was that threat again? China has their own super secure operating system? Unless the security is from being unable to read Chinese (security by obscurity), I'm just not seeing it.
From the Mouth
At EuroBSDCon 2006, the person responsible for the Kylin project gave a public presentation. Qingbo Wu described Kylin as an operating system "focusing on high performance, availability and security". Although they say it contains a "system service layer which is based on FreeBSD", it was designed to be compatible with Linux (hence all of the RPM files).
The speaker does mention that it received government funding in 2002. However, that does not mean that it is a government project. I mean, seriously: Windows, Linux, BSD, and SSH all receive funds from government sponsors. Does that mean that we are all using secret hidden weapons?
Moreover, if this were a secret project designed for offensive or defensive capabilities, then why give a presentation on it to the open source community?
2. We need to take any and all actions necessary to ensure our military has access to a continuing supply of new offensive and defensive cyber capabilities that are required and will continue to be required to defend our nation. This is not a one-time investment. Continuous investment will be necessary to respond to the ever changing global supply of computer technology. Chinese authors believe the United States already is carrying out offensive cyber espionage and exploitation against China. China therefore must protect its own assets first in order to preserve the capability to go on the offensive. While this is a highly unpopular statement, WE ARE IN THE EARLY STAGES OF A CYBER ARMS RACE AND NEED TO RESPOND ACCORDINGLY!
This race was intensified when China created Kylin, their own hardened server operating system and began to convert their systems back in 2007. This action also made our offensive cyber capabilities ineffective against them given the cyber weapons were designed to be used against Linux, UNIX and Windows. Refer to our report - RED SOS.
The uppercase text, which really is capitalized like that in the report, is certainly alarmist. But for clarity, alarmist does not mean that it is inaccurate.
However, the very next paragraph mentions Kylin. It describes Kylin as a hardened operating system, made by China, and negates our offensive cyber capabilities which were designed against "Linux, UNIX, and Windows".
Sorry Kevin, but I'm just not seeing that.
I reviewed a 2006 version of Kylin. It was created by people in China, but I don't see anything that suggests it was created for military or government purposes.
Creating a hardened system is not a fast process. Unless they did some complete recreation between 2006 and 2007, I seriously doubt that it has been very hardened. Just with the network services that are installed, it really seems far from secure.
In 2006, Kylin was based on BSD (which is Unix) and Linux (rpm packages). So how does this invalidate any offensive UNIX and Linux capabilities?
Other people are also claiming that Coleman's statement is more hype that fact. Security Guru Bruce "I'm better than Chuck Noris" Schneier questioned the findings and speculates that it is more hype than fact. Even the Chinese media Xinhua denounced the findings as propaganda and stated that "'Kylin' was designed and used for civilian purposes only." While I would usually question Xinhua's own view as biased propaganda, this time their statements align with my own findings.
