North Korea’s ‘nascent hacker underground’ playing ‘cat and mouse’ with regime

North Koreans seeking greater access to information are engaged in a digital “game of cat and mouse” with Kim Jong Un’s totalitarian regime, according to a new analysis of the country’s telecommunications devices.

The study, conducted by researchers on behalf of US-based non-profit organisation Lumen and seen by the Financial Times, shines a light on North Korea’s “nascent hacker underground”, in which a small number of tech-savvy citizens are trying to circumvent software and monitoring systems installed by the regime on their smartphones.

The North Korean hackers do so at the risk of hard labour, a lengthy spell in a political prison camp or even a death sentence.

“The North Korean government is investing more legal, social, penal and technological resources to keep North Koreans in an information vacuum,” said Jieun Baek, founder of Lumen and a fellow at Harvard University’s Belfer Center.

“Its Achilles heel is for its citizens to learn about the reality that exists outside their borders, and realise that much of what they have been taught by their government are falsehoods.”

Pyongyang has a formidable cyber criminal capability. This month, the US Treasury linked North Korean state-backed hackers to a $615mn crypto heist from players of Axie Infinity, a popular online game.

But while a tiny number of North Korean citizens have access to the internet through select state institutions, the vast majority can only use a national “intranet” contained within the country’s borders.

Many North Koreans have relatively sophisticated Chinese-manufactured, mid-market smartphones that run on Google’s Android operating system.

But the country’s authorities deploy a variety of techniques to control, censor and monitor the information accessible on these devices. They range from a digital certificate system that denies access to unauthorised programs and content to a “Trace Viewer” app that captures and reports random screenshots of citizens’ online activities.

“It’s very interesting why a country like North Korea allows its citizens to have smartphones in the first place,” said Martyn Williams, a fellow at the Stimson Center think-tank in Washington and co-author of the Lumen study.

“The answer is that it can see the value of technology in terms of education and commerce, but every time a new technology is introduced, it gets used in a way the government didn’t intend. It’s a double-edged sword.”

North Korea has a bifurcated telecommunications network: while foreigners can make international calls and access the internet, local citizens can only make domestic calls and access the country’s intranet.

The authors of the study interviewed two North Korean escapees who independently described how groups of friends or associates helped each other to get around state controls on smartphones.

“Smartphones would be connected to a laptop computer via a USB cable to transfer an application on to the phone,” said the report. “If the phone was tricked in the correct way, the application could be transferred and launched without being detected and deleted by the phone’s security software.”

“The motivation for doing this was to bypass phone security and be able to install different applications, photo filters and media files that would otherwise not be permitted,” the report added.

Williams stressed that only a few technically literate North Koreans were capable of deploying such techniques: one of the interviewed escapees had been a programmer for the government, while another was a university student who had access to computers for more than 10 years.

But he said that the activities described by the interviewees illustrated a shift from “circumvention” of state controls to “more aggressive pushback”, even if motivations for unlocking phones ranged from a desire to access information from the outside world to a more prosaic need to achieve greater resale value for their smartphones.

In a sign that the regime is worried about these activities, a 2020 “Reactionary Ideology and Culture Rejection Law”, enacted to punish those found in possession of foreign culture, contained a specific prohibition against “illegally installing a phone manipulation programme”.

“This is a nascent hacker underground playing cat and mouse with the authorities,” said Williams. “It’s still probably very small, but it’s there — and it’s the first time we’ve seen that.”