The News

Only if it serves the state: North Korea’s online experience

PYONGYANG, North Korea (AP) — Ever so cautiously, North Korea is going online.

Doctors can consult via live, online video conferencing, and lectures at prestigious Kim Il Sung University are streamed to faraway factories and agricultural communes. People use online dictionaries and text each other on their smart phones. In the wallets of the privileged are “Jonsong” or “Narae” cards for e-shopping and online banking. Cash registers at major department stores are plugged into the web.

It’s just not the World Wide Web. This is all done on a tightly sealed intranet of the sort a medium-sized company might use for its employees.

The free flow of information is anathema to authoritarian regimes, and with the possible exception of the African dictatorship of Eritrea, North Korea is still the least Internet-friendly country on Earth. Access to the global Internet for most is unimaginable. Hardly anyone has a personal computer or an email address that isn’t shared, and the price for trying to get around the government’s rules can be severe.

But for Kim Jong Un, the country’s first leader to come of age with the Internet, the idea of a more wired North Korea is also attractive. It comes with the potential for great benefits to the nation from information technology — and for new forms of social and political control that promise to be more effective than anything his father and grandfather could have dreamed of. It also allows for the possibility of cyber-attacks on the West.

Pyongyang’s solution is a two-tiered system where the trusted elite can surf the Internet with relative freedom while the masses are kept inside the national intranet, painstakingly sealed off from the outside world, meticulously surveilled and built in no small part on pilfered software.

The regime created, in other words, an online version of North Korea itself.

___

SURFING THE INTRANET

Rising from Ssuk Island in the Taedong River, which divides Pyongyang east and west, is a building shaped like a colossal atom.

The “knowledge sector” is a key priority for Kim Jong Un, and the sprawling, glassy Sci-Tech Complex, a center for the dissemination of science-related information throughout the country, is one of his signature development projects. It houses North Korea’s biggest e-library, with more than 3,000 terminals where factory workers participate in tele-learning, kids in their bright red scarves watch cartoons and university students do research.

Pak Sung Jin, a 30-year-old postgraduate in chemistry, came to work on an essay. It’s a weekday and the e-library is crowded.

Unlike most North Koreans, Pak has some experience with the Internet, though on a supervised, need-only basis. If Pak needs anything from the Internet, accredited university officials will find it for him. As a scholar and a scientist, Pak says, it’s his patriotic duty to be on top of the most up-to-date research.

He echoes the official condemnation that the Internet has been poisoned by the American imperialists and their stooges. “There ought to be a basic acceptance the Internet should be used peacefully,” he says.

Today, he is relying on the Internet’s North Korean alter ego, the national intranet.

Below a red label that states his black “Ullim” desktop computer was donated by Dear Respected Leader Kim Jong Un, what’s on Pak’s screen is for North Korean eyes only. The IP address, 10.76.1.11, indicates he’s on the walled-off network North Koreans call “Kwangmyong,” which means brightness or light.

Using the “Naenara” browser — the name means “my country” but it’s a modified version of FireFox — Pak visits a restaurant page, his university website, and cooking and online shopping sites.

There are very few actual sites on Kwangmyong. An official at the Sci-Tech Center said they number 168.

They are spread across separate networks for government agencies, schools and libraries, and companies. It’s all domestically run, though government-approved content culled from the Internet can be posted by administrators, primarily for researchers like Pak.

North Korea’s national intranet concept is unique and extreme even when compared with other information-wary countries. China and Cuba, for example, are well known for the extent of control the government exerts over what citizens can see. But that is done primarily through censorship and blocking, not complete separation.

Like most North Korean computers, the desktops at the Sci-Tech Complex run on the “Red Star” operating system, which was developed by the Korea Computer Center from Linux open-source coding.

Red Star 3.0 has the usual widgets: the Naenara browser, email, a calendar and time zone settings, even “kPhoto” (with an icon that looks a lot like iPhoto). Older versions featured a Windows XP user interface but it now it has a Mac design, right down to the “spinning beach ball” wait icon.

Versions of Red Star that have made it out of North Korea and into the hands of foreign coding experts also reveal some rather sinister, and for most users invisible, features.

Any attempt to change its core functions or disable virus checkers results in an automatic reboot cycle. Files downloaded from USBs are watermarked so that authorities can identify and trace criminal or subversive activity, a security measure that takes aim at the spread of unauthorized content from South Korea, China and elsewhere.

Red Star also uses a trace viewer that takes regular screenshots of what is being displayed. The screenshots can’t be deleted or accessed by the typical user but are available for checking if a trained government official decides to take a look.

Outside North Korea, Android phones have a similar trace-viewer feature, noted Will Scott, who taught computer science at the Pyongyang University of Science and Technology in 2013 and is now a doctoral student at the University of Washington. But the Red Star version reflects the regime’s very specific surveillance and violation-busting priorities. It doesn’t collect much more than the Android would; however, it is designed to make getting at that information easier for a local authority who isn’t an expert programmer.

Scott said the North has been “very effective” in using such technology to serve its goals.

Nat Kretchun, deputy director of the Open Technology Fund, said the kinds of censorship and surveillance software in Red Star and the mobile operating systems of phones and tablets reveal a new information control strategy.

Under Kim Jong Un’s predecessors, the flow of information was primarily controlled through a resource-intensive human network — the State Security Ministry’s “thought police,” for example, or Pyongyang’s iconic traffic controllers — that kept tabs on what people were up to. But the advent of the Internet and advances in communication technology poked holes in that strategy, particularly among the better educated, younger and more affluent, the very segment of society that could be most likely to pose a political threat.

So, while maintaining its old school tactics on the ground and enforcing the blackout of the global Internet, North Korean officials have learned to adapt by using the online devices themselves as yet another tool for surveillance.

“In North Korea cell phones and intranet-enabled devices are on balance pro-surveillance and control,” said Kretchun, who has been studying North Korea’s relationship to the Internet for years.

___

THE AZALEA SMART PHONE AND THE RYONGHUNG IPAD

The most common online experience for North Koreans isn’t on a laptop or desktop. It’s on a smart phone.

A decade ago, only a small cadre of select regime and military officials had access to smart phones. Now, according to the main provider’s most recent financial reports, there are an estimated 2.5-3 million mobile phones in North Korea, a country of 25 million.

The rapid spread of mobile phones is one of the biggest success stories of the Kim Jong Un era. After a couple of false starts, the North’s foray into mobile telecoms began in earnest in 2008 under Kim Jong Il. But it has truly blossomed over the past five years with the introduction of 3G services, thanks in large part to two foreign investors — Loxley Pacific of Thailand and Egypt’s Orascom Telecom Media and Technology.

Like the walled-off intranet, North Korea’s phones deny access to the outside world.

Local phones allow North Koreans to call and text each other, play games, surf the domestic intranet and access some other services. Users have hundreds of ring tones to choose from, and can get weather updates, look words up in dictionaries and snap selfies. But they cannot receive or place calls to numbers outside that network — the rest of the world, in other words.

It’s easy enough for North Koreans to buy phones, though the phones must be registered and approved. A good “Pyongyang” or “Arirang” model smart phone costs from $200 to $400. More basic phones go for much less, especially if the phone is second-hand.

On the second floor of the Pottonggang IT center, a clerk stands behind a glass display cabinet filled with tablets and USB flash drives. Signs on the wall behind her advertise anti-virus software and apps to put on mobile phones, which they can do by Bluetooth at the store. One of the most popular apps is a role playing game based on “Boy General,” a locally created hit anime series. It costs $1.80.

Foreigners in North Korea are relegated to a different network and cannot make calls to, or receive calls from, local numbers. They can buy local phones if they want, but the devices will be stripped of the apps and features that they normally carry and securely coded so that the apps can’t be added on later. Wi-fi use is banned for North Koreans, and tightly restricted and monitored to block surreptitious piggybacking on foreigners’ signals.

North Korea undoubtedly imports and rebrands some of its IT products. But over the past few months, two companies have generated quite a stir among Apple fans with products billed to be wholly domestic: the “Jindallae (Azalea) III” mobile phone and the “Ryonghung iPad.”

The gadgets’ insouciant similarity to Apple products, and the flat-out appropriation of the “iPad” name, isn’t especially surprising. Kim Jong Un likes Apple products — he has been photographed with a MacBook Pro on his private jet, and even had a 21-inch iMac on the desk beside him when state media showed him reviewing a nuclear “U.S. mainland strike plan” four years ago.

It seems North Korean coders have also lifted some ideas from Apple.

Outside experts believe a program similar to what Apple uses in its OS X and iOS is believed to be the basis of the booby-trap that thwarts attempts to disable security functions in Red Star. It’s now a staple on North Korean phones. And by 2014, all mobile phone operating systems had been updated to include the watermarking system to reject apps or media that don’t carry a government signature of approval.

It’s the same mechanism used by Apple to block unauthorized applications from the App Store, but in North Korea’s case serves instead to control access to information.

“The stakes are infinitely higher in North Korea, where communications are monitored and being caught talking about the wrong thing could land you in a political prison camp,” Kretchun noted.

___

WIRED ELITES AND CYBERSOLDIERS

While blocking off the masses, North Korea allows more Internet access to a small segment of society, including the country’s elite and its cybersoldiers.

To create a snapshot of the online behavior of the elite, U.S.-based cyber threat intelligence company Recorded Future and Team Cymru, a non-profit Internet security group, analyzed activity in IP ranges believed to be used by North Korea from April to July this year. They found that the limited number of North Koreans with access to the Internet are much more active and engaged in the world and with contemporary services and technologies than many outsiders had previously thought, according to Priscilla Moriuchi, Recorded Future’s director of strategic threat development and a former NSA agent.

“North Korean leaders are not disconnected from the world and the consequences of their actions,” she said.

How deep the access goes isn’t known. Recorded Future and Team Cymru officials contacted by The AP refused to comment on details of their dataset, including how many “elite” users were observed and how foreign tourists or residents in the North were excluded.

Even so, it stands to reason at least some members of the North Korean leadership have the access they need to keep up on world events and that specialist agents are allowed to monitor and cull intelligence from the internet.

There is also strong evidence that North Korea allows people involved in hacking or cyber operations the access necessary for a deep engagement in cyberattacks and cybercrime.

According to the FBI, the North’s bigger hacks include the recent WannaCry ransomware attack, which infected hundreds of thousands of computers in May and crippled parts of Britain’s National Health Service. It has been linked to attacks on the Bangladeshi central bank last year and on banks in South Korea going back to 2013. There was also the 2014 hack of Sony Pictures over the release of the “Interview,” a black comedy that graphically portrayed Kim Jong Un being killed. U.S. authorities recently dubbed North Korea’s cyber presence “Hidden Cobra.”

Weaponizing cyberspace is a logical option for the North because it can be done at relatively low cost and at the same time denied, according to a Congressional report submitted in August.

Pyongyang has denied hacking allegations, but the ability to carry out sophisticated cyber operations is a powerful military weapon in the hands of a state. Just as assuredly as North Korea is developing its nuclear and missile capabilities, most experts assume, it’s honing its cyber warfare tool box.

Beau Woods, the deputy director of the Cyber Statecraft Initiative at the Atlantic Council, cautioned of a “preponderance of question marks” regarding North Korea’s cyber skills. But he warned of how potentially devastating a more cyber-active North Korea could be.

Those concerns are turned on their head back at the Sci-Tech Center in Pyongyang.

Pak, the chemist, supports the official line in North Korea that the increasing danger of cyberattacks and slanderous Internet propaganda comes from the U.S. against Pyongyang. The government says that justifies “protective” walls to shield the masses from aggressive propaganda, and virtually requires extensive cybersecurity measures in the name of national defense.

“Don’t you see how severe the anti-Republic slander of our enemies on the Internet is?” Pak said, although the restrictive policies make it difficult for him to carry out his research. “There are a lot of cases where the Internet is being used to raise hostility against us.”

___

Talmadge has been the AP’s Pyongyang bureau chief since 2013 and has traveled to the North more than 40 times. Follow him on Twitter at EricTalmadge and Instagram @erictalmadge.