9 December 2016

The Vulnerability of the North Korean Internet (Such As It Is)


The “hack proof” North Korea Red Star PC OS (operating system) is hackable. That has been made public recently. Where there is one vulnerability there are many, at least when it comes to exploits (OS vulnerabilities) that allow hackers to get in via a network. Many Internet security experts saw this as inevitable after the 2014 North Korea decision to increase Internet access and computer use for students and trusted members of the population. Most of these users only have access to the North Korean Internet. This local Internet is called “Bright” and consists of a few thousand web pages on 28 different websites, all hosted within North Korea and mostly containing educational or propaganda material plus government announcements of importance. The news sites on Bright give the government version of the news. Discussion is permitted, but constantly monitored for disloyalty. Bright is isolated from the international Internet and access to Internet sites outside North Korea is strictly monitored, as is email outside the country. Anyone who misuses either Bright or the international Internet access is severely punished. Thus while Internet access is sought, it is also feared.

Since the 1990s North Korea has been seeking out more people with a talent for using the Internet, primarily for espionage and cyber (Internet based) combat and crime (to raise money for the nukes and missile work). Since the early 1990s North Korea has been training a small number of people (a few hundred a year) as network engineers and hackers. Once the Internet became a big deal in the late 1990s North Korea increased training activity but found few North Koreans had any exposure to the Internet or PCs. At that point more and more of the elite families (a few hundred thousand people) began acquiring personal computers. The youngsters in those families, like kids everywhere, took to this new technology. The current (since 2011) North Korean leader, Kim Jong Un, was only 31 years old when he took over and grew up during all this and is a big fan of PCs and all manner of tech. He is mainly responsible for the increased access to the Internet for more North Koreans.

Kim Jong Uns father, who ran the country from 1994 to 2011 was also a tech fan and understood the usefulness of the Internet. But he also feared the Internet, as does his son. In 2010 the secret police were ordered to crack down on North Korean PC users (a few percent of the population, most belonging to the ruling Communist Party elite) who were still using copies of Windows XP (a pirated, Chinese language, version) operating system. That crackdown was because the government had banned the use of Windows in 2009. In that year North Korea ordered everyone to switch to a new operating system, a version of Linux (Red Star) in the Korean language with a graphical interface that was very similar to Windows XP. The secret police wanted the Chinese language version of Windows gone in order to make it more difficult for North Koreans to communicate in Chinese, and to watch videos (XP was much better equipped for video than the new Linux OS). Red Star 2.0 appeared in 2011 with an interface similar to that found in Windows 7. The latest Red Star 3.0 appeared in the last year with an interface that looks like Mac OS 10.

What North Korea is more worried about than getting hacked is North Korean Internet users sending and receiving files, especially media files from China or North Korea. That’s not a problem because North Koreans eager to obtain foreign video and music have a less risky source. It works like this. There are over 100,000 North Koreans legally working in China and Russia and when they return home for a visit or for good they have found it very profitable to buy Micro SD cards and fill them with foreign music and videos. The Micro SD cards are the size of a fingernail and easy to hide. It is impossible to search returning North Koreans (and all their clothing and other goods coming home with them) for illegal Micro SD cards. So these get in. While overseas the North Korean workers can buy a 32 GB Micro SD cards for a few dollars and fill it up with over 50,000 hours of high quality video. Some of that video, software and music will be the latest stuff which can be sold to distributors in North Korea who sell this illegal content on the black market.

Then there’s also illegal use of Chinese cell phones which, when used near the Chinese border can connect to the Chinese Internet and the world. North Korea has been pretty successful in keeping the Internet and PCs out of the country but to keep the economy going in the 21st century both these technologies are needed, at least in small quantities. The problem is that you can never obtain complete control over what people will do with these technologies. And then there are the hackers, especially the foreign ones.

No comments: