Paranoid: North Korea’s Computer Operating System Mirrors Its Political One
By REUTERS

SINGAPORE/SEOUL — North Korea’s homegrown computer operating system mirrors its political one, according to two German researchers who have delved into the code: a go-it-alone approach, a high degree of paranoia and invasive snooping on users.

Their research, the deepest yet into the secretive state’s Red Star OS, illustrates the challenges Pyongyang faces in trying to embrace the benefits of computing and the internet while keeping a tight grip on ideas and culture.

The researchers, Florian Grunow and Niklaus Schiess of German IT security company ERNW GmbH, spoke to Reuters before presenting their findings to the Chaos Communication Congress in Hamburg on Sunday, a gathering of hackers and security researchers.

The operating system is not just the pale copy of western ones that many have assumed, they concluded after downloading the software from a website outside North Korea and exploring the code in detail,

“(Late leader) Kim Jong Il said North Korea should develop a system of their own,” said Grunow. “This is what they’ve done.”

North Korea, whose rudimentary intranet system does not connect to the outside internet but allows access to state media and some officially approved websites, has been developing its own operating system for more than a decade.

This latest version, written around 2013, is based on a version of Linux called Fedora and has eschewed the previous version’s Windows XP feel for Apple’s OSX — perhaps a nod to leader Kim Jong Un, who like his father has been photographed near Macs.

But under the hood there’s a lot that’s unique, including its own version of encrypting files. “This is a full blown operation system where they control most of the code,” said Grunow.

This, the researchers say, suggests North Korea wants to avoid any code that might be compromised by intelligence agencies.

“Maybe this is a bit fear-driven,” said Grunow. “They may want to be independent of other operating systems because they fear back doors” which might allow others to spy on them.

Grunow and Schiess said they had no way of knowing how many computers were running the software.

While private computer use is on the rise in North Korea, visitors to the country say most computers still use Windows XP, now nearly 15 years old.

NO TAMPERING

The Red Star operating system makes it very hard for anyone to tamper with it. If a user makes any changes to core functions — like trying to disable its antivirus checker or firewall — the computer will display an error message, or reboot itself.

Red Star also addresses a more pressing concern: cracking down on the growing underground exchange of foreign movies, music and writing.

Illegal media is usually passed from person-to-person in North Korea using USB sticks and microSD cards, making it hard for the government to track where they come from.

Red Star tackles this by tagging, or watermarking, every document or media file on a computer or on any USB stick connected to it. That means that any file could be traced back to anyone who had previously opened or created the file.

“It’s definitely privacy invading, it’s not transparent to the user,” said Grunow. “It’s done stealthily, and touches files you haven’t even opened.”

Such efforts, says Nat Kretchun, an authority on the spread of foreign media in the isolated country, reflect North Korea’s realization that it needs “new ways to update their surveillance and security procedures to respond to new types of technology and new sources of information.”

There’s no sign in the operating system, the researchers say, of the kinds of cyber attack capability North Korea has been accused of.

“It really looks like they’ve just tried to build an operating system for them, and give the user a basic set of applications,” says Grunow. That includes a Korean word processor, a calendar and an app for composing and transcribing music.

North Korea is not the only country to try to develop its own operating system. Cuba has its National Nova, while China, Russia and others have tried to build theirs.

北韓電腦系統「紅星」 外人難入侵

德國ERNW資訊科技安全顧問公司表示，北韓國產的電腦作業系統足以反映平壤當局的高度妄想狂，以及它對使用者的入侵式窺探與控制。

ERNW的葛魯諾與薛斯對北韓的「紅星」電腦作業系統進行歷來最深入的研究後發現，在試圖吸收電腦與網路的好處之餘，平壤當局更想牢牢掌控北韓人民的思想與文化，卻面臨多重挑戰。

兩人自北韓境外的一個網站下載這套軟體後，詳細研究其程式碼。他們說，「紅星」作業系統不只是西方程式碼的拙劣翻版。葛魯諾27日在漢堡舉行的一項歐洲駭客會議中說：「（北韓已故領導人）金正日曾經說，北韓應該自主發展一套系統；這是它的成果。」

北韓自行研發電腦作業系統已經十多年，基本型的內部網路系統不與外界網路連線，但可連結國營媒體與官方核准的部分網站。最新版本約於2013年完成，以Linux的Fedora作業系統為基礎，捨棄Windows XP。

背後卻有一些北韓的特色，包括它自己的加密檔案版本。葛魯諾表示：「北韓可透過這種發展成熟的作業系統控制多數的程式碼。」

這意味，北韓希望避免使用任何可能遭到外國情報機構破解的程式碼。葛魯諾表示：「他們可能希望能夠獨立於其他作業系統之外，因為他們擔心可能使外界有機可趁的漏洞。」

「紅星」作業系統使外人難以侵入及竄改。如果使用者改變任何核心功能，例如試圖破壞它的防毒軟體或防火牆，電腦會顯示錯誤訊息或自動再啟動。

原文參照：
http://www.nytimes.com/reuters/2015/12/27/world/asia/27reuters-northkorea-computers.html

2015-12-28．聯合晚報．A6．國際焦點．編譯陳世欽