North Korea’s Red Star OS – Government Surveillance at Its Best

North Korea has developed its own computer operating system, dubbed Red Star OS, which represents the dream software for any government looking for the tightest surveillance on individuals, researchers claim.

After the third version of the operating system leaked online last year, German researchers Florian Grunow and Niklaus Schiess decided to take a closer look at it and presented their findings (PDF) at the recent Chaos Communication Congress. They found that the platform not only limits users to a government-approved view of the world, but also tracks files placed on USB drives.

The operating system was initially based on Fedora 11, a Linux distribution released in 2009, but was updated to Fedora 15 in 2011 and may have received other updates as well; the publicly leaked build has the look and feel of Mac OS, the researchers note. The platform has also been built for servers, and the researchers found that it includes a significant amount of privacy-invading custom code, making it a convenient tool for the government to spy on users.

In their presentation, available in the video embedded below, the researchers showed that North Korea has created an operating system that suppresses free speech and that does not let users modify the platform's core functions: if they try, the system displays an error or reboots itself.

The first surveillance capability of Red Star OS is a watermark applied to every file placed on a USB drive, regardless of whether the file was created on a machine running the OS or not. All photos, videos, documents, and other files on the drive are marked, which allows the government to track who has them and who opened them, even on other machines.

Files are sometimes marked even if they have not been opened, as long as they are on a USB drive that has been attached to a computer running Red Star OS. The watermarking function, called opprc, also encrypts the hard disk serial number using DES and appends a large number of null bytes to files of various formats, such as .docx.

The researchers also explained that the operating system ships a series of custom applications, including the Naenara browser, a crypto tool called Bokem, Sogwand Office (a version of Open Office), swmng (a software manager), MusicScore for composing music, and rootsetting for obtaining root access. They also found that the platform's KDM (the KDE display manager) is a modified one.

The OS includes a daemon that checks the integrity of various files, mostly system-related ones, and carries signatures for some custom Red Star files. It can run its checks at boot-up or at run-time, can log the output, and prints error messages when an integrity check fails.

Additionally, the platform includes a securityd that mimics the macOS daemon of the same name and contains an OS validation function, integrity checks, and hardcoded MD5 checksums. KDM calls the validate_os() function at startup and reboots the machine if the check fails, which shows that users are not allowed to make modifications to the platform's core capabilities.
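As an added, constructed example (not code from Red Star OS or from the researchers), the following Python script shows the defensive counterpart to the two mechanisms described above: a hashed manifest of a USB drive that distinguishes appended trailers, the footprint a trailer-style watermark leaves, from in-place edits, and a fail-closed integrity verifier in the spirit of the validate_os() check, which logs every mismatch instead of silently rebooting. The file names, the trailer bytes, the temporary directory used as the "drive", and the use of SHA-256 instead of the hardcoded MD5 mentioned in the article are assumptions of this example.

```python
"""Two checks on one hashed manifest (added illustration, not Red Star code):
(1) audit_media(): did files on a drive change while it was out of our hands,
    and if so, were bytes appended (original intact as prefix) or rewritten?
(2) validate_system(): fail-closed verification of a pinned manifest, logging
    each failure, in the spirit of the validate_os() check described above.
SHA-256 is used instead of MD5 (assumption of this example; MD5 collisions are
practical). File names and trailer bytes below are constructed for the demo.
"""
import hashlib
import logging
import os
import tempfile

log = logging.getLogger("integrity")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def read_tree(root: str) -> dict[str, bytes]:
    """Read every regular file under root, keyed by path relative to root."""
    tree = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                tree[os.path.relpath(full, root)] = fh.read()
    return tree


def build_manifest(tree: dict[str, bytes]) -> dict[str, tuple[int, str]]:
    """Baseline: (size, sha256) per file. Small enough to keep off the drive."""
    return {path: (len(data), sha256(data)) for path, data in tree.items()}


def classify(entry: tuple[int, str], data: bytes) -> str:
    """Compare current bytes against one manifest entry.

    'appended' means the original bytes are still intact as a prefix and extra
    bytes follow, which is exactly what a trailer-style watermark looks like.
    """
    size, digest = entry
    if len(data) == size and sha256(data) == digest:
        return "unchanged"
    if len(data) > size and sha256(data[:size]) == digest:
        return "appended"
    return "modified"


def audit_media(manifest: dict[str, tuple[int, str]],
                tree: dict[str, bytes]) -> dict[str, str]:
    """Check 1: per-file verdict for a drive that left our custody."""
    report = {}
    for path in sorted(set(manifest) | set(tree)):
        if path not in tree:
            report[path] = "missing"
        elif path not in manifest:
            report[path] = "new"
        else:
            report[path] = classify(manifest[path], tree[path])
    return report


def validate_system(manifest: dict[str, tuple[int, str]],
                    tree: dict[str, bytes]) -> bool:
    """Check 2: fail closed. Any mismatch or missing file fails the whole
    check and is logged; the caller decides the consequence."""
    ok = True
    for path, entry in manifest.items():
        verdict = classify(entry, tree[path]) if path in tree else "missing"
        if verdict != "unchanged":
            log.error("integrity check failed: %s is %s", path, verdict)
            ok = False
    return ok


def demo() -> tuple[dict[str, str], bool]:
    """Constructed scenario: snapshot a 'drive', simulate a foreign machine
    appending a trailer to two files, rewriting one and adding one, then run
    both checks against the original manifest."""
    with tempfile.TemporaryDirectory() as root:
        files = {"report.docx": b"PK\x03\x04 constructed docx bytes",
                 "photo.jpg": b"\xff\xd8\xff constructed jpeg bytes",
                 "notes.txt": b"plain text"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(read_tree(root))

        # Constructed trailer: null padding plus a marker. Not the real format.
        trailer = b"\x00" * 8 + b"CONSTRUCTED-TRAILER"
        for name in ("report.docx", "photo.jpg"):
            with open(os.path.join(root, name), "ab") as fh:
                fh.write(trailer)
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"replaced")
        with open(os.path.join(root, "extra.tmp"), "wb") as fh:
            fh.write(b"constructed")

        after = read_tree(root)
        return audit_media(manifest, after), validate_system(manifest, after)


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    report, ok = demo()
    for path, verdict in report.items():
        print(f"{verdict:10} {path}")
    print("system integrity:", "OK" if ok else "FAILED")
```

The prefix-hash trick in classify() is what makes the audit useful: a plain "hash changed" alert tells you a file was touched, but hashing only the first size bytes tells you the original content survived and something was glued on, which is the pattern to look for when a drive comes back from a machine you do not trust.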

According to the researchers, this also shows that the country is in full control of the platform's code and focused on building a platform that is completely independent of any code that could compromise that control. The platform closely monitors every user action and was designed to resist any attempt at modification.

Red Star OS also includes its own firewall and antivirus system, scnprc, which has a GUI that looks just like a regular virus scanner and which can be triggered automatically when files are opened. Designed to detect and delete malicious files, the scanner keeps its signatures in a file that cannot be read even by root, and the researchers suggest that the application's creators are the ones who decide which files count as malicious.

The researchers say they found no backdoors in the OS, likely because backdoors can be introduced later via updates and because the ISO could leak, as has already happened.

Overall, the two researchers conclude that Red Star OS was indeed created to suppress free speech, and that the watermarking feature, which tracks both the origin and the distribution of files, including who opened them, was meant to prevent free distribution. The watermarking was clearly aimed at media file formats, including JPG, PNG, AVI, and more, in addition to Office documents.
