Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside North Korea's Naenara Browser

Posted by timothy on from the threat-is-right dept.

msm1267 (2804139) writes with this excerpt from Threatpost Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness. The Naenara browser is part of the Red Star operating system used in North Korea and it's a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.

"Here's where things start to go off the rails: what this means is that all of the DPRK's national network is non-routable IP space. You heard me; they're treating their entire country like some small to medium business might treat their corporate office," Hansen wrote in a blog post detailing his findings. "The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists."

7 of 159 comments (clear)

  1. Wow by Anonymous Coward · · Score: 5, Funny

    I didn't think it was possible to make the Internet Explorer and Windows XP I'm forced to use at work seem like a privilege. Congrats, North Korea. You pulled it off.

  2. In Soviet Korea by XxtraLarGe · · Score: 5, Funny

    The internet browses YOU!

    --
    Taking guns away from the 99% gives the 1% 100% of the power.
  3. This is horrible by Minwee · · Score: 5, Funny

    This means that North Korea is VIOLATING RFC 1918! Forget all that other stuff, this must be stopped by any means necessary!

    1. Re:This is horrible by Tukz · · Score: 5, Insightful

      Well, they ARE using it for a private network....of sorts.

      --
      - Don't do what I do, it's probably not healthy nor safe. -
  4. Non-reachable yet still slashdotted by rs1n · · Score: 5, Funny

    I like how the summary posts the non-reachable IP address just so we can slashdot it anyway.

  5. Re:Correct me if I'm wrong... by Howitzer86 · · Score: 5, Interesting

    People obsess over this idea that North Koreans must be hacking from within North Korea, and that there's no way they could realistically do it because their connection bandwidth is so puny. They forget that North Korean government is really an organized criminal syndicate with a huge military and slave labor base. They likely have vast criminal connections. All they have to do is hire sympathetic South Korean hackers on the condition that they do their work under the North Korean banner. When all is said and done, the North Koreans come out looking like bad asses you don't want to mess with, when in reality they just farmed the work out using basic email, a courier, and a satellite phone.

    We could break their internet access forever, with a never ending DDOS, and it wouldn't matter one bit.

  6. Re:Translation pls. by EuclideanSilence · · Score: 5, Informative

    There are some addresses on the internet that are only associated (except for misuse) with 1 device, these are "public IP".

    There are some addresses on the internet that are intended to be associated with multiple devices, these are "private IP".

    Private addresses can only be "seen" on a local network, so only one instance of a private address per local network. If you ask for a connection to a private address and the local network doesn't have it, your network won't make any connection for you (even though hypothetically there is several people in the world on other local networks with that address).

    It's like being at a family reunion and asking for "John", and not getting a response because no one there is named John, even though a lot of people in the world share that name. On the other hand, if you ask for "Gilgamesh", well then people know to send you to ancient Sur, even though no one in your family is named "Gilgamesh". John is a private reusable identifier, Gilgamesh is a public unique identifier.

    The consequence of this is that to run a service for which machines from outside of your local network can connect to, you have to associate the service with a public address. Due to North Korea being one gigantic "local network" (something that usualy only exists on the scale of homes and companies), no one in the world can request a connection to anyone in North Korea, unless a public address/port pair is preallocated to that person. NKoreans can still request connections to the rest of the world, assuming that the routers on the edge of their private network can remember all those connections. For a healthy country, remembering so much would be almost impossible, but for North Korea, it is a sign of how few people can make Internet connections to the rest of the world.