Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday July 21 2015, @03:19AM   Printer-friendly
from the you-didn't-really-trust-them-did-you? dept.

ERNW security analyst Florian Grunow says North Korea's Red Star Linux operating system is tracking users by tagging content with unique hidden tags.

The operating system, developed from 2002 as a replacement for Windows XP, was relaunched with a Mac-like interface in 2013's version three. The newest version emerged in January 2015.

Grunow says files including Microsoft Word documents and JPEG images connected to but not necessarily executed in Red Star will have a tag introduced into its code that includes a number based on hardware serial numbers.

"When analysing the OS the first thing that came to our attention is that they have built an own kernel module named rtscan. There is a binary running that is named opprc and a few more binaries, one that seems to simulate/pretend to be some kind of 'virus scanner' and seems to share some code base with opprc," Grunow says.

"The first thing that came to our attention when looking at the functions in the binary was gpsWatermarkingInformation.

"Creating and using media files and documents on RedStar OS can get you into trouble if you are living in North Korea; do not assume that the files can be kept private and cannot be traced back to the creator."

Grunow says the operating system does not watermark files created with the open source OpenOffice word processing suite.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Informative) by Anonymous Coward on Tuesday July 21 2015, @09:24AM

    by Anonymous Coward on Tuesday July 21 2015, @09:24AM (#211852)

    This is adding a hardware ID to the document. It's not a surveillance tool, it's an identification/evidence generation tool. So if they find a document they don't like, they'll read out the hidden ID and look it up in their database of domestic hardware IDs (which I'm sure they have). Your "noise" document will not show a hit in that database (but frankly, it probably won't even get to the point of being tested, because it most likely will not pass the relevance filter). However if they come across a dissident document, they'll find the ID in their database, and then can directly go after that dissident.

    If you want prevent someone finding a needle in the haystack, adding more hay will help. But if you want to prevent someone identifying the needle they already found, more hay will not help.

    Starting Score:    0  points
    Moderation   +4  
       Insightful=2, Informative=2, Total=4
    Extra 'Informative' Modifier   0  

    Total Score:   4