Electronic Weapons: Two Lines, No Waiting

October 14, 2017: On October 1st North Korea established a second link to the worldwide Internet via Russia. This link is via a fiber optic line that extended to the North Korean border along the Russian railroad (which is how Russia has long strung long distance telephone and telegraph access). The Chinese fiber optic link near the west coast remains, so for the first time North Korea has two high speed connections to the international Internet. As much as North Korea fears the Internet, especially given its vulnerabilities, North Korea eventually figured out (with a little help from Russia and China) that the Internet has many benefits for those with the proper attitude. North Korea found that while restricting Internet access for North Koreans it could create an elite group of Cyber Warriors who could make lots of money and obtain its enemies' military, diplomatic and technology secrets. Meanwhile it was relatively easy, especially for a brutal police state, to leave its victims with insufficient evidence to pin the blame on the North Korean hackers. But with success come new demands, like more high speed Internet access to the outside world.

North Korea didn’t get its first high speed link until 2010, when the Chinese link was established. Before that there were so few North Korean users of the worldwide Internet that the only link to the outside was an expensive satellite link that actually saw very little traffic. The only other time North Korea had two international Internet connections was in 2012 when, for a year, the second link was available via a satellite service. Having two high speed links makes North Korea less vulnerable to being completely cut off in an emergency while keeping North Korean vulnerability to attack via the Internet. Moreover, the growing number of sanctions against North Korea (the price of success…), especially those now enforced by China, means it is safer to bring home North Korean hackers who had been operating outside the country.

There are only a few thousand North Korean Internet users who have permission to access the international Internet, and that use is monitored by the secret police. Even with the monitoring and few users, any increased international access makes North Korea more vulnerable. This was demonstrated in late 2016 when the “hack proof” North Korean Red Star PC OS (operating system) was hacked. Where there is one vulnerability there are many, at least when it comes to exploits (OS vulnerabilities) that allow hackers to get in via a network. When it comes to hacking, North Korea prefers to give and not receive.

Many Internet security experts saw this North Korean misfortune as inevitable after the 2014 decision to increase Internet access and computer use for North Korean students and trusted members of the population. Most of these users only have access to the North Korean Internet. But to obtain new people for the elite hacker teams you have to expose a lot of promising candidates to PCs and a safe version of the Internet.

This safe local Internet is called “Bright” and consists of a few thousand web pages on nearly fifty different websites, all hosted within North Korea and mostly containing educational or propaganda material plus government announcements of importance. The news sites on Bright give the government version of the news. Discussion is permitted, but constantly monitored for disloyalty. Bright is isolated from the international Internet and access to Internet sites outside North Korea is strictly monitored, as is email sent or received from outside the country.

Anyone who misuses either Bright or the international Internet access is severely punished. Thus while Internet access is sought, it is also feared. Yet even in such a closely monitored police state as North Korea, access to the international Internet is becoming more important. Now that there are sanctions limiting the number of North Koreans who can be working outside the country, it is even more important to have more international Internet access from North Korea itself.

Since the 1990s North Korea has been seeking out more people with a talent for using the Internet, primarily for espionage and cyber (Internet based) combat and crime (to raise money for the nukes and missile work). Since the early 1990s North Korea has been training a small number of people (a few hundred a year) as network engineers and hackers. Once the Internet became a big deal in the late 1990s North Korea increased training activity but found few North Koreans had any exposure to the Internet or PCs. At that point more and more of the elite families (a few hundred thousand people) began acquiring personal computers. The youngsters in those families, like kids everywhere, took to this new technology. The current (since 2011) North Korean leader, Kim Jong Un, was only 31 years old when he took over and grew up during all this and is a big fan of PCs and all manner of tech. He is mainly responsible for the increased access to the Internet for more North Koreans.

Kim Jong Un’s father, who ran the country from 1994 to 2011, was also a tech fan and understood the usefulness of the Internet. But he also feared the Internet, as does his son. In 2010 the secret police were ordered to crack down on North Korean PC users (a few percent of the population, most belonging to the ruling Communist Party elite) who were still using copies of the Windows XP operating system (a pirated, Chinese language version). That crackdown was because the government had banned the use of Windows in 2009. In that year North Korea ordered everyone to switch to a new operating system, a version of Linux (Red Star) in the Korean language with a graphical interface that was very similar to Windows XP. The secret police wanted the Chinese language version of Windows gone in order to make it more difficult for North Koreans to communicate in Chinese, and to watch videos (XP was much better equipped for video than the new Linux OS). Red Star 2.0 appeared in 2011 with an interface similar to that found in Windows 7. The latest Red Star 3.0 appeared in the last year with an interface that looks like Mac OS 10. As of late 2017 it is known that a Red Star 4.0 exists and is being field tested.

What North Korea is more worried about than getting hacked is North Korean Internet users sending and receiving files, especially media files from China or North Korea. That’s not a problem because North Koreans eager to obtain foreign video and music have a less risky source. It works like this. Until recently there were over 100,000 North Koreans legally working in China and Russia and when they return home for a visit or for good they have found it very profitable to buy Micro SD cards and fill them with foreign music and videos. The Micro SD cards are the size of a fingernail and easy to hide. It is impossible to search returning North Koreans (and all their clothing and other goods coming home with them) for illegal Micro SD cards. So these get in. Even with most of those foreign workers being sent home and not replaced (because of sanctions) there is still enough traffic between North Korea and China (and Russia) plus several dozen embassies overseas to obtain this material.

While overseas the North Koreans can buy Micro SD cards for much less than a dollar per gigabyte and fill them up with thousands of hours of high quality video. Some of that video, software and music will be the latest stuff, which can be sold to distributors in North Korea who sell this illegal content on the black market. Currently these Micro SD cards are available in sizes up to 128 GB (at affordable prices).

Then there’s also illegal use of Chinese cell phones which, when used near the Chinese border, can connect to the Chinese Internet and the world. North Korea has been pretty successful in keeping the Internet and PCs out of the country, but to keep the economy going in the 21st century both these technologies are needed, at least in small quantities. The problem is that you can never obtain complete control over what people will do with these technologies. And then there are the hackers, especially the foreign ones.

North Korean hackers have also figured out how to move hidden malware via these Micro SD cards, which are left where some foreigner can find them and then, as foolish foreigners are wont to do, install the card in their smart phone to see what is there.