Researchers present operation of North Korean operating system

Two German security researchers have taken a closer look at the North Korean operating system Red Star. The Fedora 11-based Linux system monitors every change users make and watermarks files.

The two researchers presented their research at the Chaos Communication Congress, which is currently taking place in Hamburg. The investigation shows that North Korea “wants to keep every aspect of the system in its own hands.” In 2010, there were already reports that the country was working on its own operating system. The system is based on the linux distribution Fedora 11 and uses a kernel from 2011. The design is very similar to OS X, while the version that came out in 2010 was more like Windows XP. There would be indications that the system was made by ten developers.

The researchers, who work for the German IT security company ERNW, further state that the operating system provides each new file with a ‘watermark’, without the user noticing this. This would make it possible to keep track of where a particular file came from and who opened it. There is also said to be a daemon running on the system that monitors the md5 hashes of critical files. As soon as a change occurs, the computer will restart immediately.

In addition, the system would be equipped with its own firewall and antivirus software, which retrieves new definitions from a server in North Korea. It would even have its own version of aes encryption used by the system. In the researchers’ opinion, the system is the result of an attempt to provide North Korean citizens with an operating system with various basic functionalities and extensive control options. There would be no indication that the system could be used for Internet attacks.