Operating System change is coming…
We all know that Windows still dominates the desktop arena with Linux and MacOS trying to catch up and that Android dominates the mobile space with iOS and Windows Phone trying to catch up as well. What many of these OSs have in common is that they are developed by USA companies (hello NSA!).
With the silent (or not that silent cyber guerrilla going on in the Internet between the West and the East it is not surprising that many Nation States are developing their own operating systems to cut the dependency on USA software vendors.
The Sony cyber attack by North Korea (supposedly, not proven yet) has caught a lot of media attention -even President Obama has spoken about the need of increasing cybersecurity- and to make things more interesting the operating system used by North Korea government was leaked on Internet and it is currently being analyzed by many security companies and intelligence agencies to find 0day.
Several Nation States have announced the development of their own “secure (cough)” operating system, the ones I know of:
- Red Star OS: Linux based (Red Hat) with a Windows XP look & feel used by North Korea.
- China: Several custom OSs.
- Russia: Several custom OSs.
- RoMOS: A customized Android OS for mobile devices (this OS doesn’t send any information to Google).
- Linux: Russia government announced switching to Linux as the national OS this year.
- France: Not really their own operating system but the French military switched to Linux Ubuntu (allegedly to save money).
- India: Also announced their own secure OSs (not much details published).
- United State of America: Several custom OSs.
- The Defense Information Systems Agency (DISA) is developing a secure version of Android to be used in mobile devices across the government.
- Plan X: An OS develop by DARPA to be used by the military for cyber warfare operations in real time.
The fact that Nation States are developing their own customized OS for defensive purposes forces adversaries to obtain copies of these OSs to find 0day if they want to perform offensive actions, so we can expect the 0day market to grow in the incoming years for exploits and rootkits in all of these Nation State OSs.
There is a good chance for Nation States counterintelligence to publish fake OSs and software pretending to be the real thing for adversaries so they waste their resources trying to obtain copies and time analyzing the software or why not putting offensive software inside the OS to attack the systems used to analyze the software and compromise the network.
For sure security companies and intelligence agencies from both sides (West and East) must keep an eye on the technologies used by their adversaries and have ready a bunch of 0days on these OSs as the standard/regular Windows, Android and Linux versions will probably go away.
Nation States not putting enough resources to develop their offensive capabilities will be unable to perform any actions against adversaries that use custom OSs in the future.
Reader: If you know any more Nation States OS, please let me know and if you got copies of any of them send them my way, please!! (Already got Red Star OS, thanks)
What do you think of Nation States developing their own OSs?
— Simon Roses Femerling | @simonroses