A hacker recently posted a leaked copy of the current release of North Korea’s state-developed RedStar OS, along with the state-developed Naenara browser. Robert “RSnake” Hansen of Whitehat Security dug in to check it out, and discovered some weird behavior that reveals that the entire nation of North Korea seems to be set up like a corporation–as a single intranet.
I wrote about the bizarre findings in this blog post:
North Korea is…interesting. I’ve never been to North Korea, so I don’t have any firsthand experience to share, but from the outside, the reclusive nation seems like it’s a real-life incarnation of George Orwell’s 1984—with pervasive control and manipulation of its population. Robert Hansen, VP of WhiteHat Labs at WhiteHat Security, recently learned that the scope of the North Korean government’s control of its people seems to extend even to its state-developed operating system and Web browser.An anonymous hacker going by the moniker “Slipstream” uploaded the newest version of North Korea’s RedStar operating system to Pastebin last week. RedStar is a custom Linux fork developed to mimic the look and feel of Mac OS X. It also includes Naenara—North Korea’s custom Web browser that appears to be a variant built off of an old Firefox release.
The browser is the main thing that caught Hansen’s attention. More specifically, some bizarre behavior of the browser. In a blog post detailing his findings, Hansen explains, “When I first saw an image of the browser I was awe-struck to see that it made a request to an adddress (http://10.76.1.11/) upon first run. That may not mean much to someone who doesn’t deal with the Internet much, but it’s a big deal if you want to know how North Korea’s Internet works.”
Why is that notable? IP addresses that begin with 10.* or 192.168.* are not routable on the public Internet. They are IP ranges that businesses typically use internally to minimize the number of public-facing IP addresses. Home routers also typically issue IP addresses on the 192.168.* range to devices inside the house so they can all share the single public IP address of the connection to the ISP. Essentially, all of North Korea is one giant Intranet.
Check out the complete story on CSOOnline: RedStar OS reveals all of North Korea is one giant intranet.
- Igor Volovich Chats about Cybersecurity Compliance and Accountability - January 31, 2023
- Julie Smith Shares Identity Security Guidance for 2023 - January 19, 2023
- Mark Thomas Talks about Threat Hunting - January 5, 2023