NSA’s new data center in San Antonio

San Antonio will be hosting the new data center of the National Security Agency reports the San Antonio Current[1]. An old Sony factory on the West Military Drive, near San Antonio’s Loop 410 freeway, will be transformed to accommodate enormous size of data, which will mainly be electronic communications such as phone conversations and emails according to author James Bamford:

“No longer able to store all the intercepted phone calls and e-mail in its secret city, the agency has now built a new data warehouse in San Antonio, Texas.”

This city have been chosen for it’s cheap electricity, provided on an independent power grid since Texas as its own, unconnected to the other states’ grid, making it more reliable.

NSA's Datacenter in San Antonio
NSA's Datacenter in San Antonio

Another factor that played was the location of a similar size Microsoft datacenter a few miles away. This center will be the third largest data center of San Antonio.

As for the Sony plant, it’s made out of two connected buildings, offering offices and research areas and totals around 470 000 square feet[2]. It is expected that 1500 employees will work there initially and may employ up to 4000 personnel.

[1] “The panopticon economy”, Greg M. Schwartz, San Antonio Current, December 3, 2008, http://www.sacurrent.com/news/story.asp?id=69607 (accessed on December 8, 2008)

[2] “NSA Plans San Antonio Data Center”, Rich Miller, Data Center Knowledge, April 19, 2007,  http://www.datacenterknowledge.com/archives/2007/04/19/nsa-plans-san-antonio-data-center/ (accessed on December 8, 2008)

China’s Red Flag Linux

Red Flag Linux Logo
Red Flag Linux Logo

Two days ago, the Inquirer post an article on a new law passed in the Chinese city of Nanchang, in the Jiangxi province, to replace pirated copies of Windows in Internet cafes by legitimate software[1]. The alternative proposed to the cafes is the Red Flag Linux distribution, which prompted fears of snooping by U.S Radio Free Asia. The radio quoted the director of the China Internet Project, Xiao Qiang as saying that “cafes were being required to install Red Flag Linux even if they were using authorised copies of Windows[2]“. According to an official of the Nanchang Cultural Discipline Team, the transition from Windows to Red Flag already started in the 600 Internet Cafes of the city[3] and not across all of China unlike many titles claim.

Short History of Red Flag Linux

Red Flag Linux was created by the Software Research Institute of the Chinese Academy of Sciences in 1999 and was financed by a government firm: NewMargin Venture Capital. The distro is now distributed to government offices and business by Red Flag Software Co[4]. The goal of the Chinese government was to reduce the dominance of Microsoft over the operating system market. It therefore invested in Red Flag Software through a venture capital investment company owned by the Ministry of Information Industry called CCIDNET Investment[5].

At first, the OS was exclusively in Chinese and restricted itself to the Chinese market. In 2003, then the company developed an English version for international markets. This project received further help after Hewlett Packard concluded a plan to provide Red Flag with help in various field to market its operating system around the world[6]. As many companies took interest in the Chinese economic boom, Red Flag signed partnerships with various western companies like IBM, Intel, HP, Oracle[7] who wanted to open a new market into China. That way, Real networks among others, distributed its media software with Red Flag[8].

According to IDC, a market-research company, the revenue of Red Flag Software Co. totalled US$8.1 million in 2003. There were 24 000 server operating system shipments accounting for $5.9 million in revenue[9]. In 2006, Red Flag Software was the top Linux distributing company in China with over 80% of the Linux desktop market[10]. After a while, new versions of Red Flag were made for mobile devices[11] and embedded devices[12]. It can also be found on various server sold across China by Dell.

Therefore it seems that Red Flag Linux, after a slow period in the dot-com crash, is alive and well nowadays in China. The operating system changed quite a bit from its beginnings in 1999 up to now but we can expect the use of this distribution to grow in the upcoming years, as prices for proprietary OS such as Windows can be quite prohibitive for most of the Chinese population. The Red Flag Linux distro can be downloaded for free from Red Flag Software Co. (see the end of this article for the links) while Vista Home Basic was sold at renminbi (US$65.80) in 2007[13]

Technical Aspects

According to this early reviewer who tested the OS back in 2002[14], the first Red Flag 2.4 Linux OS was based on the Red Hat distro. It came basically with the same options such as X11, the KDE interface as default and used the Reiser file system. Interestingly, no root password were needed and seemed to be the default account. It came with the standard user applications such as XMMS.

Since then, Red Flag Linux has switch from Red Hat to Asianux 2.0 as its base distribution[15]. A root password needs to be specified at the installation and is now available on Live CD. Also, don’t expect a completely English system, while the most important parts of it should be English, some may still be in Mandarin. XMMS has long been replaced with KDE’s multimedia tools such as KsCD, JuK, Dragon Player, and KMix. Other software you can find on the “Olympic” beta version distribution, released last September[16]:

KAddressBook Kopete
Kontact Krfb
KOrganizer KNode
Firefox Akregator
KMail Akonadi

According to the reviewer, and by looking at the English website, is does look like the English version is not maintained as much as the Chinese version. Therefore I believe the Chinese version might contain more features and less bugs. It might even contain office software such as Red Office.

This operating system is certainly one to watch, not really for its technical aspects or usefulness, but mainly because it might spread across China as businesses and governmental agencies adopt Red Flag Linux. If an attack should be ported against Chinese communication infrastructure, this distribution would certainly be one of the targets to analyze in order to find holes and exploits. Unfortunately, finding information about this Linux is tricky, mainly due to the language barrier. Using software translation is amusing but useless. It is hard to determine if the OS contains any modification for spying or snooping, as one would need to go through the source of a large part of the OS (I wish I had time to do that). But then, it’s less hard than to examine closed source software. Snooping can come from everywhere also, they might be better off with Red Flag Linux than Sony software afterall[17]

If anyone has information, please share it, as information should always be shared. In the meantime, a desktop version of Red Flag Linux is available here. And if you can understand Mandarin, maybe you could visit this page.

Enrich your Mandarin Vocabulary: 红旗 = Red Flag

See also:

Red Flag Software Co., http://www.redflag-linux.com/ (Mandarin language)

Red Flag Software Co., http://www.redflag-linux.com/eindex.html (English language)

Red Flag Linux may be next on IBM’s agenda“, James Niccolai, Network World, September 22, 2006, http://www.networkworld.com/news/2006/092206-red-flag-linux-may-be.html (accessed on December 4, 2008)

Dell flies Red Flag Linux in China“, Michael Kanellos, ZDNet, December 3, 2004, http://news.zdnet.com/2100-3513_22-133162.html (accessed on December 4, 2008)

With HP’s help, China’s Red Flag Linux to step onto global stage“, Sumner Lemon, ComputerWorld, September 2, 2003, http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,84602,00.html (accessed on December 5, 2008)

Add to FacebookAdd to NewsvineAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to Furl

[1] “Chinese ordered to stop using pirate software”, Emma Hughes, The Inquirer, December 3, 2008, http://www.theinquirer.net/gb/inquirer/news/2008/12/03/chinese-ordered-away-pirate (accessed on December 4, 2008)

[2] “New fears over cyber-snooping in China”, Associated Press, The Guardian, December 4, 2008, http://www.guardian.co.uk/world/2008/dec/04/china-privacy-cyber-snooping (accessed on December 4, 2008)

[3] “Chinese Authorities Enforce Switch from Microsoft”, Ding Xiao, translated by Chen Ping, Radio Free Asia Mandarin Service, December 2, 2008, http://www.rfa.org/english/news/china/microsoft%20to%20linux-12022008144416.html (accessed on December 4, 2008)

[4] Ibid.

[5] “Raising the Red Flag”, Doc Searls, Linux Journal, January 30, 2002, http://www.linuxjournal.com/article/5784 (accessed on December 4, 2008)

[6] “English version of China’s Red Flag Linux due soon”, Sumner Lemon, InfoWorld, September 8, 2003, http://www.infoworld.com/article/03/09/08/HNenglishredflag_1.html (accessed on December 4, 2008)

[7] “Red Flag Linux”, Operating System Documentation Project, January 13, 2008, http://www.operating-system.org/betriebssystem/_english/bs-redflag.htm (accessed on December 4, 2008)

[8] “RealNetworks signs up Red Flag Linux”, Stephen Shankland, CNet News, October 6, 2004, http://news.cnet.com/RealNetworks-signs-up-Red-Flag-Linux/2110-7344_3-5399530.html (accessed on December 4, 2008)

[9] “China’s Red Flag Linux to focus on enterprise”, Amy Bennett, IT World, August 16, 2004, http://www.itworld.com/040816chinaredflag (accessed on December 4, 2008)

[10] “Red Flag Linux 7.0 Preview (Olympic Edition)”, Begin Linux Blog, August 15, 2008, http://beginlinux.wordpress.com/2008/08/15/red-flag-linux-70-preview/ (accessed on December 4, 2008)

[11] “Introduction to MIDINUX”, Red Flag Software, June 2007, http://www.redflag-linux.com/chanpin/midinux/midinux_intro.pdf (accessed on December 4, 2008)

[12] “Car computer runs Red Flag Linux”, LinuxDevices, November 13, 2007, http://www.linuxdevices.com/news/NS4055537183.html (accessed on December 4, 2008)

[13] “Update: Microsoft cuts Windows Vista price in China”, Sumner Lemon, InfoWorld, August 3, 2007, http://www.infoworld.com/article/07/08/03/Microsoft-cuts-Vista-price-in-China_1.html (accessed on December 5, 2008)

[14] “Red Flag, China’s home-grown Linux distribution, is a good start”, Matt Michie, Linux.com, February 22, 2002, http://www.linux.com/articles/21365 (accessed on December 4, 2008)

[15] “Red Flag Linux Desktop”, http://www.iterating.com/products/Red-Flag-Linux-Desktop/review/Janos/2007-07-01 (accessed on December 5, 2008)

[16] “Red Flag Linux Olympic Edition fails to medal”, Preston St. Pierre, Linux.com, September 11, 2008, http://www.linux.com/feature/146867 (accessed on December 5, 2008)

[17] “Real Story of the Rogue Rootkit”, Bruce Schneier, Wired, November 17, 2005, http://www.wired.com/politics/security/commentary/securitymatters/2005/11/69601 (accessed on December 5, 2008)

Quebec Launches Campaign Against Identity Theft

Yesterday the ISIQ (Institut de la Sécurité de l’Information du Québec) launched its new campaign to educate citizens computer security and protection of personal information over the Internet. The ISIQ launched a new portal, MonIdentité (in French) containing lots of information for users on how to protect their identity and to identify risks such as phishing, spyware, Trojans and weak passwords. The campaign has been launch by Pierre Arcand, deputy of the Mont-Royal district in Montreal.

“We want the citizens to become their own artisans of their security on the Internet, by adopting a secure behavior.” said M. Pierre Arcand.

The campaign comes amid a declaration from the Chaire de recherche du Canada sur la sécurité, identité et technologie (in French) who reports that in the last 3 years, 314 millions personal files where lost in 976 incidents in Canada and in the United States. Half of them were due to the incompetence of the owning corporation or organization.[1]

This is exactly the kind of initiative we need. Humans are always the weakest link in any security network, therefore educating the population about security is essential. My only fear is that this campaign will largely be ignored by the media and the population, since elections are looming in the province and economic news are still the main topic.

Je Protège Mon Identité - ISIQ Portal
Je Protège Mon Identité - ISIQ Portal

[1] “Pour naviguer sans tracas”, Radio-Canada, October 27, 2008, http://www.radio-canada.ca/nouvelles/societe/2008/10/27/003-securite-informatique.shtml (accessed on October 28, 2008)

Twitter Terrorism

Today the U.S Army discovered something called Twitter, and realized that, as MySpace, Facebook, Google Earth and many other sites, it could be used by terrorists to plan attacks on landmarks or other targets. Although the Army report admits it has no proofs that Twitter is currently used by individuals for terrorism. The report details many interesting scenarios described in the report:

Scenario 1: Terrorist operative “A” uses Twitter with… a cell phone camera/video function to send back messages, and to receive messages, from the rest of his [group]… Other members of his [group] receive near real time updates (similar to the movement updates that were sent by activists at the RNC) on how, where, and the number of troops that are moving in order to conduct an ambush.

Scenario 2: Terrorist operative “A” has a mobile phone for Tweet messaging and for taking images. Operative “A” also has a separate mobile phone that is actually an explosive device and/or a suicide vest for remote detonation. Terrorist operative “B” has the detonator and a mobile to view “A’s” Tweets and images. This may allow “B” to select the precise moment of remote detonation based on near real time movement and imagery that is being sent by “A.”

Scenario 3: Cyber Terrorist operative “A” finds U.S. [soldier] Smith’s Twitter account. Operative “A” joins Smith’s Tweets and begins to elicit information from Smith. This information is then used for… identity theft, hacking, and/or physical [attacks]. This scenario… has already been discussed for other social networking sites, such as My Space and/or Face Book.[1]

Although this is true, for anyone having a clue about technology, this shouldn’t be any news. Any social networking site offers the opportunity to criminals and terrorists extensive information about someone. This can only by solved by educating people about privacy, and why it’s important. This is especially true for security and military personnel.

See also:

Noah Shachtman, “Spy Fears: Twitter Terrorists, Cell Phone Jihadists”, October 24, 2008, http://blog.wired.com/defense/2008/10/terrorist-cell.html (accessed on October 27, 2008)

[1] “Sample Overview: alQaida-Like Mobile Discussions & Potential Creative Uses” http://blog.wired.com/defense/2008/10/terrorist-cell.html (accessed on October 27, 2008)