North Korea Able to Track Digital Files?

| published December 29, 2015 |

By R. Alan Clanton, Thursday Review editor

According to the BBC, the operating system most commonly used by North Korea—Red Star OS—contains hidden code which allows Pyongyang to track the physical location of certain files offline.

North Korea’s Red Star OS was originally developed as essentially a high-functioning bootleg of Apple’s OS X, but Red Star OS was also crafted carefully to allow close control and monitoring of online activity by military and government officials in Pyongyang. German computer code analysts have discovered that documents created, stored, copied or collated using the unique Red Star OS can be tracked very closely by government officials in North Korea, even after those files have been copied to a flash drive or memory device, and possibly even after the files have been extracted and “washed” by experts.

Files can be watermarked, and files copied and reopened on other devices or computers can then be re-identified, allowing North Korean spies to more-or-less track the movement of the document anywhere in the world…in theory. Perhaps more important: the process also allows Pyongyang to track unauthorized files upon the moment they are opened within North Korea.

The North Korean policy of tightly controlling what its citizens read, see, or hear, means that the government has the ability to track data it deems subversive or disruptive among even the tiny percentage of North Koreans who have access to computers, laptops or other digital devices. Unauthorized movies or TV shows, for example, or unauthorized musical recordings, could be tracked from one device to the next, indicating who opened the files, and in what direction the material next moved.

Experts believe that the isolated North Korea has developed the watermark in an effort to crack down on what is believed to be a burgeoning cottage industry among smugglers bringing illegal content into North Korea.

The German researchers identified what they call Red Star OS 3.0, a version in circulation beginning about one year ago, coincidentally around the time that the Sony Pictures Entertainment data breach was generating headlines worldwide.

The revelation that North Korean coders have embedded files with a transferable digital watermark should come as no shock to analysts of the isolated country. The ability to share digital files is now almost unlimited on the world stage as movies, music, books, educational materials, television programs and photos become easier to copy and pass along. Despite efforts to crack down on the unauthorized content north of the 38th parallel, Pyongyang may have deliberately altered its operating system to facilitate domestic spying and enable police to keep tabs of what North Koreans are watching and reading.

The German computer analysts also discovered that the Red Star OS has been crafted to make it extremely difficult to remove the spyware. Attempts to bootleg a path around the watermarking process causes the entire system to reboot.

Though only a small percentage of North Koreans have direct access to computers or laptops (and even fewer have access to the internet), some do have access to newer type televisions and other devices, such as DVD players, Blu-ray players, and streaming devices. Most new electronic devices come equipped with USB portals and slots for other components—meaning that content banned by North Korean officials could still be viewed. The watermark would empower police to track those who circumvent North Korea’s harsh rules. Red Star OS may also be commonly in use in public facilities, such as libraries or schools.

Last year, the White House and the FBI pointed the finger at North Korea for a massive cyberattack on Sony Pictures which crippled the company’s computers and resulted in tens of thousands of files being stolen or disseminated in the media. At that time, however, experts were deeply divided on whether North Korea had the technical skills to have launched such a massive and complex cyber-attack. And some expressed skepticism that in a society with such severe limitations on entrepreneurship and technological trial-and-error, that hackers even existed with the skill set sufficient to wage cyber war on a U.S. company.

In the meantime, North Korea’s digital watermark process indicates that nation’s willingness to take severe steps toward controlling the news, information and content seen by its citizens, and to punish those who deviate from the strict limitations imposed by the isolated country.

Related Thursday Review articles:

North Korea Missile Test May Have Failed; Thursday Review staff; Thursday Review; November 28, 2015.

North Korean Nuclear Program Running Full Speed; Thursday Review staff; Thursday Review; September 15, 2015.

Rocket Fire Traded Between North and South Korea; Keith H. Roberts; Thursday Review; August 20, 2015.