Tuesday, April 6, 2010

The Quickening

'North Korean software' revealed

Details of a home-grown computer operating system developed by North Korea have emerged. Information about Red Star, as it is known, was made public by a Russian blogger studying in North Korea, who bought the program off the street.

Further analysis by a government institute in neighboring South Korea said the operating system is aimed at monitoring user activity. However, very few North Koreans own a computer or have internet access.

Web content is also heavily censored. It is designed "to control [North Korea's] own information security", a report by South Korea's Science and Technology Policy Institute (STPI) said.

"Due to few applicable programs available, Red Star will not even be easily distributed in North Korea," it added.

The Russian blogger, identified only as Mikhail, said Red Star could be bought in Pyongyang for around $5. He has also posted a series of screen shots on his blog.

The operating system represents the determination of North Korea to advance its own computer technology, based on its "Juche" self-reliance philosophy.

The Red Star operating system uses a popular Korean folk song as its start-up music and numbers years using a calendar which starts counting from the birth of state founder Kim Il-sung, making 2010 the 99th year.

It is Linux-based but is heavily influenced by Microsoft with versions of the software giant's Office programs, including several familiar games. It runs only in the Korean language and takes 15 minutes to install, reports said.

It has games, an e-mail system known as Pigeon and Mozilla's Firefox internet browser - which has the North Korean government website as a home page. The US government has banned the uploading and downloading of open source code to residents of a handful of countries on its sanctions list, which includes North Korea.

The STPI report also said that North Korea has launched a cyber-war unit that targets sites in South Korea and the US. In July last year South Korea experienced a wave of cyber-attacks which attempted to paralyze a number of websites. US websites including the Pentagon and the White House were also targeted.

Reports suggested that the attacks might have originated in North Korea.

Shadow cyber spy network revealed

A "complex cyber-espionage" network that penetrated various organizations including the Office of the Dalai Lama, has been uncovered by researchers.

The shadow network targeted government, business, and academic computers at the United Nations and the Embassy of Pakistan in the US, among others. It was used to steal at least 1,500 emails from the Office of the Dalai Lama, the researchers said.

The attacks were thought to originate in the city of Chengdu in China. Specifically, the researchers, from the Information Warfare Monitor and the Shadowserver Foundation, said they had evidence of "links between the Shadow network and two individuals living in Chengdu".

Information Warfare Monitor comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies. The individuals were identified by e-mail addresses and are thought to be part of China's "underground hacking community".

The network was outlined in a report called Shadows in the Cloud.

"The social media clouds of cyberspace we rely upon today have a dark, hidden core," said Professor Ron Deibert, director of the Citizen Lab at the University of Toronto's Munk Centre, launching the report.

"There is a vast, subterranean ecosystem to cyberspace within which criminal and espionage networks thrive."

He said the network had reached into the "upper echelons of the Indian security establishment" and should act as a "wake up call" to governments to co-operate on cybersecurity. The team said its eight-month investigation showed no "hard evidence" of the involvement of the government of the People's Republic of China.

"An important question to be entertained is whether the PRC will take action to shut the Shadow network down," the report said.

China's Foreign Ministry spokeswoman Jiang Yu told a press conference that the country was "firmly opposed" to hacking.

"We have from time to time heard this kind of news. I don't know the purpose of stirring up these issues," she said.

She added the researchers have not formally contacted China, although the researchers said they had contacted the country's Computer Emergency Response Team (Cert).

"We would expect that kind of statement," said Professor Deibert.

"Have a look at that report and make up your mind whether you think it is groundless."

The researchers said that the network - known as a botnet - exploited social networking and cloud computing platforms, "including Google, Baidu, Yahoo, and Twitter" to infect computers with malicious software, or malware.

This allowed hackers to take control of the PCs of several foreign ministries and embassies across the world. A more complex network of "command and control" computers was used to control the infected computers. In 2009, the team previously exposed GhostNet, a massive network that was found to have infiltrated 1,295 computers in 103 countries. That investigation had started at the request of the Dalai Lama, Tibet's spiritual leader.

The new investigation showed that his office had been targeted again, with more than 1,500 letters sent from the Dalai Lama's office between January and November 2009 recovered by the team.

The researchers said that they had also recovered a number of documents that were in the possession of the Indian government, including two documents marked "secret", six as "restricted", and five as "confidential".

Recovered documents included Canadian visa applications. The team said they had no direct evidence that they had been stolen from Indian Government computers. Instead, they said, the documents may have been stolen after being copied onto personal computers.

In addition, the researchers found evidence that the hackers had targeted the United Nations Economic and Social Commission for Asia and the Pacific (UNESCAP). However, the team said the hackers had been largely "indiscriminate in what they took".

"The attackers disproportionately took sensitive information but also took financial and personal information," the team said at launch.

The team said the investigation is ongoing.

STPI; Citizen Lab; UNESCAP
