North Korea’s Red Star OS includes a system for tracking files shared offline, researchers have found
An in-depth analysis of North Korea’s Red Star OS operating system has uncovered tracking tools designed to crack down on files shared via portable storage, researchers said.
The operating system, based on Red Hat’s Fedora version of Linux and designed to resemble Apple’s Mac OS X, watermarks files so that they can be traced back to individual users, according to researchers Florian Grunow and Niklaus Schiess of German IT security company ERNW.
“We found that the features implemented in Red Star OS are the wet dream of a surveillance state dictator,” the researchers stated. They presented their findings on Sunday at the Chaos Communication Congress in Hamburg.
The software’s watermarking tools appear to be aimed at cracking down on banned documents and media files, including writings and films, that are shared via USB sticks and other portable memory devices, they said.
It tags every document or media file on a computer and on every removable memory device attached to the computer, whether the user opens the file or not, said Grunow and Schiess. Tagged files can then be more easily tracked back to individual users, they said.
“It enables you to keep track of where a document hits Red Star OS for the first time and who opened it,” Grunow told the BBC. “Basically, it allows the state to track documents.”
The OS also makes it difficult to modify core components, the researchers said. If a user attempts to disable or alter the antivirus software or Internet firewall, the system reboots.
The researchers’ presentation was the first in-depth analysis of Red Star OS 3.0, which surfaced online about a year ago. Its code was written around 2013, they said.
Grunow and Schiess said they have no way of knowing how widely used Red Star OS is in North Korea. Visitors to the country have said that most computers there run on Windows XP, now nearly 15 years old.
Are you a security pro? Try our quiz!