RedStar OS reveals all of North Korea is one giant intranet


North Korea is…interesting. I’ve never been to North Korea, so I don’t have any firsthand experience to share, but from the outside, the reclusive nation seems like it’s a real-life incarnation of George Orwell’s 1984—with pervasive control and manipulation of its population. Robert Hansen, VP of WhiteHat Labs at WhiteHat Security, recently learned that the scope of the North Korean government’s control of its people seems to extend even to its state-developed operating system and Web browser.

An anonymous hacker going by the moniker “Slipstream” uploaded the newest version of North Korea’s RedStar operating system to Pastebin last week. RedStar is a custom Linux fork developed to mimic the look and feel of Mac OS X. It also includes Naenara—North Korea’s custom Web browser that appears to be a variant built off of an old Firefox release.

The browser is the main thing that caught Hansen’s attention. More specifically, some bizarre behavior of the browser. In a blog post detailing his findings, Hansen explains, “When I first saw an image of the browser I was awe-struck to see that it made a request to an address ( upon first run. That may not mean much to someone who doesn’t deal with the Internet much, but it’s a big deal if you want to know how North Korea’s Internet works.”

Why is that notable? IP addresses that begin with 10.* or 192.168.* are not routable on the public Internet. They are IP ranges that businesses typically use internally to minimize the number of public-facing IP addresses. Home routers also typically issue IP addresses on the 192.168.* range to devices inside the house so they can all share the single public IP address of the connection to the ISP. Essentially, all of North Korea is one giant Intranet.
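To make the address-space point concrete, here is an added example (not code from Hansen's post or from RedStar) that takes a list of URLs a browser requested at startup and reports which ones point into RFC 1918 private space. The request list is constructed for illustration and does not reproduce the address from the original screenshot; the example also covers 172.16.0.0/12, the third private block, which the paragraph above does not mention.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 private-use blocks. The article names 10.* and 192.168.*;
# 172.16.0.0/12 is the third block defined by the same RFC.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def private_block(host):
    """Return the RFC 1918 block containing `host`, or None.

    Hostnames (anything that is not an IP literal) return None: they
    would need resolving first, and this example stays offline.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    for net in RFC1918:
        if addr in net:  # False for IPv6 literals (version mismatch)
            return str(net)
    return None


def classify_requests(urls):
    """Map each URL to (url, host, private block or None)."""
    results = []
    for url in urls:
        host = urlsplit(url).hostname  # strips port and IPv6 brackets
        results.append((url, host, private_block(host) if host else None))
    return results


# Constructed sample of first-run requests (assumed values, not real data).
SAMPLE_REQUESTS = [
    "http://10.0.0.1/start",
    "http://192.168.1.20:8080/update",
    "http://172.20.5.5/",
    "http://172.32.0.1/",       # just outside 172.16.0.0/12
    "http://198.51.100.7/",     # TEST-NET-2 documentation range, not RFC 1918
    "http://example.org/home",  # hostname, not classified offline
]

if __name__ == "__main__":
    for url, host, block in classify_requests(SAMPLE_REQUESTS):
        print(f"{url:34} {block or 'not RFC 1918 / unresolved'}")
```

A browser whose built-in start page falls in one of these blocks can only reach it from inside the network that hosts that address, which is why a hard-coded 10.* request is a clue about the network the software was built for.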

I spoke with Hansen about his research with the Naenara browser. He reiterated his shock that an entire nation would be set up as a single network sharing an unroutable internal address space. He also suggested that it is probably designed to isolate the users, and make sure the government maintains control.

One of the security concerns people typically run into when connecting to a public Wi-Fi network at a Starbucks or hotel is that every device that is also connected to that same network is potentially able to intercept traffic. The same would hold true for the Internet-surfing citizens of North Korea. Having everyone on a single network makes it that much easier to monitor everyone. Theoretically, it would also make it easier for citizens to snoop on each other, but perhaps that sort of hacking just isn’t an issue in North Korea.

The IP addressing scheme is just one of the curious elements of the RedStar OS and Naenara browser. You should check out Hansen’s blog post to learn more about the rest of the interesting tidbits he discovered.

Hansen’s blog post sums up with, “Ultimately the most interesting takeaway for me personally was what lengths North Korea goes to to limit what their people get to do, see and contribute to — Censorship at a browser and network level embodied in the OS called Red Star 3.0.”


Copyright © 2015 IDG Communications, Inc.
