In late December, Will Scott, an American computer scientist who once taught at the Pyongyang University of Science and Technology (PUST), launched an ambitious effort to create an open library of North Korean software.
The site is called the “Korea Computer Center,” somewhat cheekily borrowing the name of Pyongyang’s main computer programming center. It features items from Scott’s collection of North Korean software, providing a rare opportunity for users to examine it first hand and learn more about the country’s IT infrastructure. It will also act as a depository for other users who might have North Korean software and devices to share information and deepen the open source understanding of the hardware and software ecosystem inside the country.
Upsides and Downsides to Greater Scrutiny
The site was launched in conjunction with what has become an annual discussion of North Korea’s consumer technology at the Chaos Computer Club’s annual conference in Germany. The first lecture was in 2014, when Scott first introduced the Red Star Operating System (OS), and was followed in 2015 and 2016, with hackers providing a fascinating glimpse into North Korea’s electronic document control and tracking systems built into its operating systems.
However, much can be learned about North Korea’s domestic IT landscape from further examination of its software. For instance, the way that devices have been programmed to access the national intranet can tell us something about its structure and the security settings will provide detail on how much network-level surveillance takes place. For organizations interested in infiltrating North Korea with information, such data can be very valuable.
Perhaps controversially, Scott also understands that programmers will discover bugs and publish them, which means that North Korean computer scientists will also learn from this examination and may be able to patch their software.
“The current situation is the worst-case scenario for them,” he said. “They have to assume that foreign intelligence agencies have access to their devices because they know things are getting exfiltrated. But those things aren’t public so, from Korea’s perspective, foreigners are going to figure out what the bugs are and install malware, but they don’t get the benefit of more eyes looking at it.”
Scott said that from this project, North Korean programmers will also get a “free backchannel” of what may need improvement in the next version. While this may not be the effect that foreign intelligence services would like to happen, he thinks the benefits outweigh the risks.
Specs and Findings
At the time of the website’s launch, Scott’s collection showed that North Korea has made impressive advancements since the original Red Star OS days.
One of the releases is a full software image of a Pyongyang 2407 Android smartphone. The 8GBs of files include the basic Android operating system and all of the customized files that North Korean programmers added to the phone.
Pyongyang 2407 was made by Gionee Communication Equipment, a major Chinese smartphone producer. The same phone is on sale in India as the Gionee V5, which means the phone image can be loaded onto an Indian model to recreate the Pyongyang 2407 experience. Armed with the appropriate technical skills, a programmer could do this to investigate the various modifications and controls added to Android by North Korean programmers.
There are also Android apps from a Samjiyon tablet, including an encyclopedia, a cooking app, a dictionary and a library of works by Kim Il Sung and Kim Jong Il. The apps were custom-written for the Samjiyon so many won’t run easily on other Android devices as of yet.
“The hope is that it will inspire some people to modify the apps so they are installable on any device,” Scott said. He hopes people will do this “because they think it’s cool and will make it more accessible.”
He’s also uploaded 4GBs of North Korean educational texts in PDF format that span several subjects but are centered on computer science.
Through those we see, for example, some screenshots of the domestic intranet.
Here’s a low-resolution shot of the Kwangmyong service from 2001.
And an email app from the same era:
And a more contemporary look from 2010:
By examining the books, it’s clear that some are translations of foreign texts. Some have even appeared within a year of them being published in English—a sign that North Korea is serious about current programming techniques.
“This is evidence that they are really keeping up with what the outside world is doing in terms of their focus on taking these external knowledge curriculum and text books and bringing it into their internal education system,” explained Scott.
In publishing the PDF files, the team running the site had to strip out tracking code that had been inserted into the files by the Red Star OS. The software adds a hard-drive serial number to files when they are opened, potentially allowing the government the ability to determine all the computers on which a file has been viewed.
With the initial website launch, Scott is hoping that people will do more than just download the files. “There’s a lot of people who have various devices out there, and there has been a huge reluctance to share stuff,” he said. He hopes other people with North Korean software, apps and devices will get in touch and send or lend the things to his team so they can duplicate the data. If it’s safe to release, they’ll add it to the website’s collection.
The files are available via BitTorrent links. To download them, you’ll need a BitTorrent client on your computer, such as µTorrent that runs on Windows, Mac and Linux.