Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside North Korea's Naenara Browser

Posted by timothy on from the threat-is-right dept.

msm1267 (2804139) writes with this excerpt from Threatpost Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness. The Naenara browser is part of the Red Star operating system used in North Korea and it's a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.

"Here's where things start to go off the rails: what this means is that all of the DPRK's national network is non-routable IP space. You heard me; they're treating their entire country like some small to medium business might treat their corporate office," Hansen wrote in a blog post detailing his findings. "The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists."

10 of 159 comments (clear)

  1. The future of the internet, really by Anonymous Coward · · Score: 4, Funny

    IPv6 will never take off, so in the end we'll be bridging national internets just like this one.

  2. Wow by Anonymous Coward · · Score: 5, Funny

    I didn't think it was possible to make the Internet Explorer and Windows XP I'm forced to use at work seem like a privilege. Congrats, North Korea. You pulled it off.

  3. In Soviet Korea by XxtraLarGe · · Score: 5, Funny

    The internet browses YOU!

    --
    Taking guns away from the 99% gives the 1% 100% of the power.
  4. This is horrible by Minwee · · Score: 5, Funny

    This means that North Korea is VIOLATING RFC 1918! Forget all that other stuff, this must be stopped by any means necessary!

  5. Non-reachable yet still slashdotted by rs1n · · Score: 5, Funny

    I like how the summary posts the non-reachable IP address just so we can slashdot it anyway.

    1. Re:Non-reachable yet still slashdotted by steveo777 · · Score: 4, Funny

      Nothing stops you from creating your own host at 10.76.1.11. And then slashdotting the SOB

      --
      This sig isn't original enough, it's time to come up with something witty...
  6. Re:The Narnia Browser by wonkey_monkey · · Score: 3, Funny

    Kim Il-Sung invented English in 1976 to stunt the intellectual development of the Western world.

    --
    systemd is Roko's Basilisk.
  7. Re:Why is this surprising? by Anonymous Coward · · Score: 3, Funny

    DPRK has one network under central control, much like a large corporate entity... it's not like there is a choice of ISPs who have to link with each other!

    Anyways, the DPRK internet as used by the those DPRK citizens (still a very small percentage of the overall population) is completely airgapped from the public internet as we know it. Only a very very small number of elites have access to the 'real' internet...

    So the DPRK is using AOL's old business model? That is EVIL!

  8. Re:Conclusion goes too far? by gstoddart · · Score: 4, Funny

    One of the funniest things I ever saw on a corporate network:

    A manager had a bunch of machines in his office, and IT couldn't/wouldn't add any more network drops for him. So, he bought a little router. It turns out that the 192.168.* addresses it gave to his machine corresponded exactly to the ones the Exchange servers used, and something about the NAT crossed some signals.

    Once they pieced together why email had stopped working, they immediately put a ban on those things, and immediately got him a switch which didn't do DHCP so he could have more networking in his office.

    The whole time the developers were howling and thinking "really, that's the IP addresses they chose for critical infrastructure? The first one in the open pool?"

    Everything defaults to starting at 192.168.0.1, which means if you're using it you might not like the results.

    --
    Lost at C:>. Found at C.
  9. Re:Translation pls. by mythosaz · · Score: 3, Funny

    Gilgamesh and Enkidu, at Uruk.

    Darmok and Jalad at Tanagra.