Inside North Korea's Dissident-Tracking Computer Software System
North Korean students use computers near portraits of the country's later leaders Kim Il Sung, left, and his son Kim Jong Il at the Kim Chaek University of Technology in Pyongyang, North Korea. Vincent Yu/AP File Photo
Called Red Star, researchers dug into its code to discover it’s based on the open-source software Linux.
Apple has OSX and iOS. Google has Chrome OS and Android. Microsoft has Windows. And the isolated state of North Korea has its own operating system, too.
Called Red Star, two researchers in Germany dug into its code to discover that it’s based on the open-source software Linux. One of Red Star’s key features is a watermarking system that secretly creates a record of everyone who’s touched that file.
Red Star quietly adds a unique identifier to media files—pictures, Word documents, or videos—the moment they are accessible. For example, if a USB drive containing an illicit document is plugged into a computer running Red Star, that file is automatically tagged with that computer’s unique identifier. If that file is copied to another machine, the new machine’s identifier is added to the watermark.
“It’s a wet dream for an oppressive regime,” said one of the Red Star researchers, Niklaus Schiess, at the Chaos Communication Congress in Hamburg on Dec. 27.
Unsanctioned information in the Hermit Kingdom is often passed around on USB sticks or microSD cards. North Korea isn’t alone when it comes to state-sponsored operating systems. Cuba and China have their own versions, also based on Linux. India announced plans for its own OS in September.
While North Korea’s interest in dissident reading habits is no surprise, Schiess and Florian Grunow, his partner on the project, found some apparently privacy-preserving features in Red Star. The system comes bundled with a program that lets users encrypt their data–with no apparent backdoor built in for decryption.
“We thought there would be obvious backdoors in place but we didn’t see any of those,” Schiess said.
He cautioned that they may have simply missed a backdoor and that it could be installed through other means, like a software update delivered over North Korea’s national network.
State-sanctioned backdoors are a hot topic. In the U.S., the debate over installing backdoors dominated recent Democratic and Republican presidential debates. The U.K. government is pushing for a new law that would compel tech companies to decrypt user’s data on demand. Apple has vocally objected to the law, warning that backdoors can have “dire consequences.”
China’s new anti-terrorism law mandated a backdoor for foreign tech firms in drafts, triggering objections from the U.S., although it dropped the demand in the final version.