China deploys secure computer operating system

May 12, 2009
Chinese people surfing the internet in Beijing, 2007. China has installed a secure operating system known as "Kylin" on government and military computers designed to be impenetrable to US military and intelligence agencies, The Washington Times reported.

China has installed a secure operating system known as "Kylin" on government and military computers designed to be impenetrable to US military and intelligence agencies, The Washington Times reported on Tuesday.

The newspaper said the existence of the secure was disclosed to Congress during recent hearings which included new details on how China's government is preparing to wage cyberwarfare with the United States.

Kevin Coleman, a private security specialist who discussed Kylin during the April 30 hearing of the US-China Economic and Security Review Commission, said its deployment is significant because it has "hardened" key Chinese servers.

Coleman told the Times that Kylin has been under development since 2001 and the first Chinese computers to use it are government and servers that were converted beginning in 2007.

"This action also made our offensive cybercapabilities ineffective against them, given the cyberweapons were designed to be used against Linux, UNIX and Windows," he said, citing three popular computer operating systems.

The newspaper said US offensive cyberwar capabilities have been mainly focused on getting into Chinese government and military computers outfitted with less secure operating systems like Microsoft's Windows.

Coleman said Chinese state or state-affiliated entities are on a wartime footing in seeking electronic information from the US , contractors and industrial computer networks.

The Chinese have also developed a secure microprocessor that, unlike US-made chips, is known to be hardened against external access by a hacker or automated , Coleman said.

"If you add a hardened microchip and a hardened operating system, that makes a really good solid platform for defending infrastructure," he said.

"In the cyberarena, China is playing chess while we're playing checkers," Coleman said, adding that China is equal to the United States and Russia in military cyberwarfare.

"This is a three-horse race, and it is a dead heat," he said.

The US-China Economic and Security Review Commission warned last year that China has developed a sophisticated cyber warfare program and stepped up its capacity to penetrate US computer networks to extract sensitive information.

"China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States," the commission said in the report released in November.

China rejected the findings of the commission and has also dismissed more recent US newspaper reports that Chinese hackers were behind a cyber attack on computers linked to the Pentagon's Joint Strike Fighter project.

(c) 2009 AFP

Explore further: Microsoft expands ad-free Bing search for schools

add to favorites email to friend print save as pdf

Related Stories

Spies breach Pentagon fighter-jet project: report

Apr 21, 2009

Computer spies have hacked into the Pentagon's most costly weapons program, a US newspaper reported Tuesday, raising the prospect of adversaries gaining access to top-secret security data.

SKorea and US forge deal to fight cyber attacks

May 04, 2009

South Korea and the United States have agreed to cooperate in fighting cyber attacks against their defence networks from countries including China and North Korea, officials said Monday.

Calls for closer US tabs on China tech rise

Dec 15, 2005

Concerns about China are no longer just about it being the ultimate base for companies seeking to produce goods at ever-lower costs. Wealthy nations must be vigilant of China's growth, not just as a cheap manufacturing base, ...

U.S.: China must 'crack down' on piracy

Nov 14, 2005

The Chinese government must "crack down" on piracy and enforce intellectual-property rights, the top U.S. trade official said Monday in Beijing.

Recommended for you

Review: 'Hearthstone' card game is the real deal

15 hours ago

Video game publishers don't take many risks with their most popular franchises. You know exactly what you are going to get from a new "Call of Duty" or "Madden NFL" game—it will probably be pretty good, ...

Microsoft expands ad-free Bing search for schools

Apr 23, 2014

Microsoft is expanding a program that gives schools the ability to prevent ads from appearing in search results when they use its Bing search engine. The program, launched in a pilot program earlier this year, is now available ...

Growing app industry has developers racing to keep up

Apr 20, 2014

Smartphone application developers say they are challenged by the glut of apps as well as the need to update their software to keep up with evolving phone technology, making creative pricing strategies essential to finding ...

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

User comments : 27

Adjust slider to filter visible comments by rank

Display comments: newest first

freemind
4 / 5 (4) May 12, 2009
once they figure out the Chinese OS can go to mass... buy buy Microsoft... =)
John_balls
5 / 5 (1) May 12, 2009
This is huge for the chinese.
docknowledge
2.9 / 5 (10) May 12, 2009
I was thinking how it's yet another example of how Microsoft has let the U.S. down. I turn on any of my Macs? They are good to go. I turn on one of PCs? I have to remember that computers with older OS's have virus protection that means they may have bugs, but there isn't any widely used commercial software to check. And on my newest computer, I need to either have "automatic updates" -- which regularly cause my expensive EPSON printer to turn all images dark green, and cause other things (such as my licensed copy of Photoshop to unpredictably fail) -- or I can install manually. Then, I get to run "deep scans" of my system, which probably put 90% of the wear on my disk drives. Finally, I have no confidence there are no bugs, because I know that in critical situations techs run two or even three anti-virus programs (uninstalling, reinstalling each time).

All of which, of course, is on account of Microsoft being primarily a marketing company that bought its major software from other successful companies. It couldn't develop secure software if it wanted to. Which, of course, it doesn't, at least not any software that doesn't require me to constantly update it.

Did I mention that Microsoft last week sent me an email notification stating that at any time I could cancel my monthly subscription to Windows LIVE? Only, I had never subscribed.
docknowledge
2.4 / 5 (7) May 12, 2009
I should qualify. There is a small group of people at Microsoft who are given the title "MVP". (It stands for "I Actually Know What I'm Talking About".) They may use that MVP signature and speak officially for Microsoft. Those people *could* develop a secure operating system. That is, if all the others were fired.
derricka
4.5 / 5 (8) May 12, 2009
Any nation that values it's sovereignty would be foolish to use a foreign operating system on their computers. Especially if the country in which that OS is developed, has laws which allow it to force vendors into revealing source code, installing hidden back doors, and limiting encryption capability. The Chinese are simply doing what every country should, as anything less, means foreign governments can know of your troop deployments, capabilities, strategies and commands issued.
El_Nose
4 / 5 (5) May 12, 2009
Sun Tzo -- The Art of War
chapter 6: On strength and weekness

... "The ultimate skill is to take up a position where you are formless. If you are formless, the most penetrating spies will not be able to discern you, or the wisest counsels will not be able to do calculations against you. With formation, the army
achieves victories yet they do not understand how. Everyone knows the formation by which you achieved victory, yet no one knows the formations by which you were able to create victory. Therefore, your strategy for victories in battle is not petitious, and your formations in response to the enemy are endless."


docknowledge i dismiss your comments out of hand -- A) you are not addressing the article and B) As most Unix people will even credit Microsoft -- It is difficult to write an OS.

As a CS major OS's are studied for what they should be able to do... so whether you delve down into Windows or happily look through the Linux kernel you appreciate the time and skill it takes to create something that is doing its job best when you forget its there. And MS is the largest software producer on the planet -- But most people just think of Windows -- They forget that almost any other software product they buy if it is not made by MS it was made to look, and feel like a similar MS product. We all agree that the OS is weak in terms of security -- but hey it was never actually meant to be secure-- it was made for the PC a single user machine and was ported over to workstations and all hell broke loose -- Unix is secure because it was intended to be secure -- oh and if there were more than 10% of the population on Mac's then hackers might actually get bored enough to start attaking them, the system has flaws but who cares about exploiting less than 10% of the population its not worth anyones time, e.g. the iphone was out less than a month before the flaws in security came out and then we realized they were the same flaws on Macs --


-- The article --
am i the only one upset that another country is publically calling out the US -- they are actively going to engage in cyberwarfare -- do not delude yourselves 'we' , China, are attacking the US on the secure network front and we are actively beefing up our defenses. -- WOW Hackers of the World Unite --- I have no interest in trying to access the Chinese gov't puters but man this is bold

I am not deluded enough to think we are not doing the same things to the rest of the world but have we made such a bold statement --

I wonder what security features you can put on a CPU -- or microprocessor -- if a EE could respond i would love to know ideas, in my world the CPU is abstracted to far away-- it runs commands for the code i write, unless it makes checks on the system level -- but i don't know enough on the subject


-- PS not really defending MS, i know i was, but man we as a science community need to get over whether windows is good or bad -- it does what it does and is good for some people bad for others
djp
2 / 5 (1) May 12, 2009
Any operating system, if unique, will be "secure" as long as a minority of the population has access to it. Once the code or even an install executable is smuggled out and in the hands of another, that person can find exploits. Well, unless the os is something like Klingon or something .. lol
GrayMouser
3 / 5 (3) May 12, 2009
I was thinking how it's yet another example of how Microsoft has let the U.S. down. I turn on any of my Macs? They are good to go. I turn on one of PCs? I have to remember that computers with older OS's have virus protection that means they may have bugs, but there isn't any widely used commercial software to check.

A couple of points,
1) Macs have been around for a long time. Even considering the change from pre-OS X to OS X (since OS X is based on the open source BSD kernels.)
2) Microsoft has met the demands of their customer base (except for Vista ;-). Those demands have been low and mis-focused, where security is concerned, but they have been met.
3) The more secure operating systems are older and not as sexy as the commodity O/Ss (Windows, MacOS, Linux,...) and are looked down upon by the younger generation.
4) Until the O/S developers move away from languages derived from C they will be followed by the problems high level assembly languages entail.
superhuman
3 / 5 (3) May 12, 2009
China is doing the right thing.

The rest of the World should follow suit. The best course of action is to create one standarized secure open source OS for the whole World. It should be designed to last decades not years, to allow hardware flexibility hardware and services layers should be separate. To make it more secure all components should have completely specified and enforced interfaces, secure information needs to be completely separated from insecure information (preferentially with the help of the hardware) and user software has to run on virtual machines. In this way an OS can be made as secure as needed.

No government or military should be using m$ pathetic code, it's extremely irresponsible.
AJWM
4.8 / 5 (5) May 12, 2009

I wonder what security features you can put on a CPU -- or microprocessor -


Just designing it to use something other than the monoculture x86 instruction set would go a long way in that direction.

Other features, which some processors have to varying degrees, include things like making code segments unwriteable, better (eg hardware) stack overflow checking, and marking data segments un-executable. (Some of these things have to be allowed to the OS kernel, of course.) That would take care of the most common exploits out there.

Beyond that you can into things like tagged-word architecture (where each memory word has additional tag bits that identify its type), segment descriptors, more layers of hardware privilege levels (what opcodes are allowed to execute depends on what level (or 'ring') you're running in).

Hardware can also be used to augment software techniques, such as encryption at multiple levels (RAM, disk, network). Imagine a system where every process's memory space was encrypted with a different key, for example. Or where the OS and all executables are in ROM (no rootkits!)

A lot of this stuff has been around 'forever' (see the architecture of the Burroughs B5000, fifty years old, for example) but adding it of course makes chips more expensive without adding a "performance" increase -- if you don't include security in your performance figure-of-merit.
LuckyBrandon
4 / 5 (4) May 12, 2009
You guys are all forgetting a whole nother level that comes BEFORE any corporate Windows PC security breach attempts. That is the fact that some schmuck in the networking groups didn't properly do his firewall rules.

Oh and BTW, if MS makes no secure solutions...how do you explain ISA Server, IGA, ForeFront Client Security, CERTIFICATE SERVICES, etc.

Windows can be locked down and secured, its just not that way by default, and if you properly lock down your network in the first place, you should have little to no worries about it anymore.
Hell, even my home network consists of more than 3 routers, 3 hardware firewalls, and 2 ISA firewalls. But then again, I'm a paranoid sum-um-a-biatch....


The fact is, China could build the worlds most secure system ever, but unless they can control the code to the point that none of it whatsoever can be leaked out even to other government employees, the source code will get out, and their system will then have security flaws afterwards.

I bet the developers now have a target painted on them by every intelligence agency in the world to top it off. On the bright side for china though, is their distinct habit of execution..which may deter some developers from talking for awhile.
LuckyBrandon
1 / 5 (1) May 12, 2009
i should rephrase...nowadays Windows is more locked down by default
QubitTamer
2.2 / 5 (6) May 12, 2009
I was thinking how it's yet another example of how Microsoft has let the U.S. down. I turn on any of my Macs? They are good to go. I turn on one of PCs? I have to remember that computers with older OS's have virus protection that means they may have bugs, but there isn't any widely used commercial software to check. And on my newest computer, I need to either have "automatic updates" -- which regularly cause my expensive EPSON printer to turn all images dark green, and cause other things (such as my licensed copy of Photoshop to unpredictably fail) -- or I can install manually. Then, I get to run "deep scans" of my system, which probably put 90% of the wear on my disk drives. Finally, I have no confidence there are no bugs, because I know that in critical situations techs run two or even three anti-virus programs (uninstalling, reinstalling each time).



All of which, of course, is on account of Microsoft being primarily a marketing company that bought its major software from other successful companies. It couldn't develop secure software if it wanted to. Which, of course, it doesn't, at least not any software that doesn't require me to constantly update it.



Did I mention that Microsoft last week sent me an email notification stating that at any time I could cancel my monthly subscription to Windows LIVE? Only, I had never subscribed.

I was thinking how it's yet another example of how Microsoft has let the U.S. down. I turn on any of my Macs? They are good to go. I turn on one of PCs? I have to remember that computers with older OS's have virus protection that means they may have bugs, but there isn't any widely used commercial software to check. And on my newest computer, I need to either have "automatic updates" -- which regularly cause my expensive EPSON printer to turn all images dark green, and cause other things (such as my licensed copy of Photoshop to unpredictably fail) -- or I can install manually. Then, I get to run "deep scans" of my system, which probably put 90% of the wear on my disk drives. Finally, I have no confidence there are no bugs, because I know that in critical situations techs run two or even three anti-virus programs (uninstalling, reinstalling each time).



All of which, of course, is on account of Microsoft being primarily a marketing company that bought its major software from other successful companies. It couldn't develop secure software if it wanted to. Which, of course, it doesn't, at least not any software that doesn't require me to constantly update it.



Did I mention that Microsoft last week sent me an email notification stating that at any time I could cancel my monthly subscription to Windows LIVE? Only, I had never subscribed.


You're a retard Docknowledge. The reason you don't have serious virus issues with Macs is the bloated price of the hardware over the years kept the Mac a niche market computer for hippies, artists, rich actors, and people who mainly wanted to be seen using a computer with nice stylish design. A one button mouse for 25 years? Really? If Steve Jobs was more of a business man than an egotistical control freak he would have long ago written a version of the Mac OS for other hardware platforms. Then the market share of Mac OS would go up and there would be more running instances and hence more viruses targeting Macs.

Arikin
3.5 / 5 (4) May 12, 2009
The weakest link will still be the human link. So good old cold war CIA tactics will come in handy :-)

But, the USA should be doing the same thing now! There was a reminder with a recent article about the national power grid being hacked... But being a government, it moves at glacial speed.
superhuman
1 / 5 (1) May 13, 2009
You guys are all forgetting a whole nother level that comes BEFORE any corporate Windows PC security breach attempts. That is the fact that some schmuck in the networking groups didn't properly do his firewall rules.

You've been using windows for so long that it completely messed up your idea of security.

If "some shmuck" can access security critical settings in a network which is supposed to be secure it can only mean that either the administrator is an idiot or the OS is a worthless piece of code.
O2L
not rated yet May 13, 2009
i would love to get my hands on a copy of that OS!
when it goes public i'll definetly have a look at it
Honor
not rated yet May 13, 2009
this article could use some more detail.
LuckyBrandon
1 / 5 (1) May 13, 2009
superhuman-the "some schmuck" means the administrator is an idiot
googleplex
5 / 5 (3) May 13, 2009
It should be noted that the screens/keyboards can be read remotely with the appropriate technology. This can be shielded or jammed. My point is that even the most secure systems have a key. Once the key is obtained then security vanishes.
The other issue is that the system probably has a backdoor. All it takes is one insider to divulge the backdoor to the "wrong" person and security is again compromised. There is always a way in. Sometimes the dumbest simplest approaches work the best.
nilbud
1 / 5 (8) May 13, 2009
China has to protect itself against illegal spying by us criminal organisations such as the murderous cia and their lapdogs in england using echelon. It's a pity that such steps have to be taken but the wasp axis of evil seems to think it has a right to spy on everyone without a warrant or justification. Maybe if the criminals running echelon stopped provoking the rest of the world they wouldn't have to be dealt with quite so thoroughly.
LuckyBrandon
3 / 5 (2) May 13, 2009
the US just spies back on the same people that spy on them. do you expect the government to take it sitting down. give up all of our secrets to countries that cant build or design shit as good just so they can build our shit before us and attack us with it.
you need to think in a broader perspective my friend.
Doschx
2.3 / 5 (3) May 14, 2009
I would assume, given the complete lack of acknowledgement or action by our government, that this development has scared them speechless or, and this is what my money is on, the juicy stuff is locked up on a whole new level. I'm thinking something akin to greek when the whole world was speaking in tribal dialects. Such vast seperations would be the equivalent of a Chuck Norris Roundhouse Kick firewall system, too fast to see it in action, and you always know your place. Sure enough though, China decided to paint a target on the back of their heads with this one.

First to crack it open gets the fortune cookie... complete with their internet history, passwords, and all :) Compromise their defense mainframe or w/e and make them nuke the moon to spell your name.
GrayMouser
4.2 / 5 (5) May 16, 2009
Any operating system, if unique, will be "secure" as long as a minority of the population has access to it. Once the code or even an install executable is smuggled out and in the hands of another, that person can find exploits. Well, unless the os is something like Klingon or something .. lol

Some rules in random order:
Rule #1: The only secure computer is one that is never turned on.
Rule #2: Your biggest security risk is humans.
Rule #3: If I can get my hands on your computer your security is compromised.
Rule #4: A network is not your friend.
Rule #5: Obscurity is not security.
Jayofalltrades
not rated yet May 18, 2009
Lets just set the gov. back to pens and paper, no computers, no copiers, nothing! Then we would be secure (or they would, being the gov.) Phone calls in Pig Latin! Morse Code in Pig Latin! Break that, China! J/k for the most part here, btw.
LuckyBrandon
1 / 5 (1) May 19, 2009
i say set up a no arms pact with them, ensure they take our side on the north korea thing, exchange all our best technologies...then we can get use of their million man infantry to come in from the east in our war zone....
i too am half kidding....but then again...
nilbud
1 / 5 (2) May 20, 2009
the US just spies back on the same people that spy on them. do you expect the government to take it sitting down. give up all of our secrets to countries that cant build or design shit as good just so they can build our shit before us and attack us with it.


What the hell are you talking about? US designs for cars? US design for er, noone buys US designed anything. The only thing the US produces is obsolete massively overpriced junk such as the C17 which has been discontinued because no airforce in the world will buy it.
LuckyBrandon
1 / 5 (1) May 23, 2009
the US just spies back on the same people that spy on them. do you expect the government to take it sitting down. give up all of our secrets to countries that cant build or design shit as good just so they can build our shit before us and attack us with it.





What the hell are you talking about? US designs for cars? US design for er, noone buys US designed anything. The only thing the US produces is obsolete massively overpriced junk such as the C17 which has been discontinued because no airforce in the world will buy it.



um..gee..lets see here

fighter jets
space capable shuttles
intercontinental ballistic missiles
programmable firearms munitions
rifles/pistols

hell you name it....

dont get me wrong, the US does it too, but in the context of your earlier comment, mine was correct in that the US is defending themselves all in all from someone else being able to steal our technology.

To love or hate the fact that the US is the world superpower, and hence the largest target for theft of technology doesn't matter. The facts are teh facts.

As far as the C-17. Its a freakin vehicle and troop transportation plane. Its not meant ot be that impressive, just big.

If you put it into the context of China...well, China, while I absolutely love the chinese people and overall culture as a whole, they can't build tech that is worth a damn. I can also note proof of this from all places, on ebay.....many chinese made tech deveices were banned from there because they don't work as advertised. A good example is USB jump drives, where a chinese company purposely mismatched chipsets with chips and sold USB drives as a higher capacity than the chip would allow to be stored. I bought one of these and notified the seller, who in turn sent me multiple more asking me to test them (and one new one for me if I was interested in it)..I tested over 12 of these devices, ALL of which had the same problem. I even hunted down the manufacturer in china, whom conveniently does not have contact information. Afterwards I was asked to trash all those chips, and that seller no longer sells them...I then did this for another seller who emailed me as they somehow got word...same problem on 8 more of a different style.

More news stories

Genetic code of the deadly tsetse fly unraveled

Mining the genome of the disease-transmitting tsetse fly, researchers have revealed the genetic adaptions that allow it to have such unique biology and transmit disease to both humans and animals.