[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:14.76,Default,,0000,0000,0000,,{\i1}34c3 preroll{\i0} Dialogue: 0,0:00:14.76,0:00:20.36,Default,,0000,0000,0000,,Herald: The Democratic People's Republic\Nof Korea—or, as most of you know it, Dialogue: 0,0:00:20.36,0:00:25.27,Default,,0000,0000,0000,,North Korea, is a topic which is\Nalready following us at congress Dialogue: 0,0:00:25.27,0:00:31.45,Default,,0000,0000,0000,,for four years. It all started\Nin 31c3 with Will Scott, Dialogue: 0,0:00:31.45,0:00:37.03,Default,,0000,0000,0000,,one of our speakers today, giving a\Ntalk about teaching computer science in Dialogue: 0,0:00:37.03,0:00:45.12,Default,,0000,0000,0000,,North Korea. The topic was then gone on by\NFlorian Grunow and Niklaus Schiess, who Dialogue: 0,0:00:45.12,0:00:52.21,Default,,0000,0000,0000,,talked about the Red Star OS and also the\Ntablet PC called Woolim. Today, we will Dialogue: 0,0:00:52.21,0:00:56.94,Default,,0000,0000,0000,,hear the next episode—we will hear about\Nconsumer electronics in North Korea. We Dialogue: 0,0:00:56.94,0:01:02.10,Default,,0000,0000,0000,,will take a peek behind the curtain, learn\Nabout the Internet, and the current market Dialogue: 0,0:01:02.10,0:01:09.28,Default,,0000,0000,0000,,situation there. Our speakers today\Nare Will Scott, a security postdoc, as Dialogue: 0,0:01:09.28,0:01:16.03,Default,,0000,0000,0000,,well as his friend Gabe Edwards, security\Nconsultant, and they will give us a peek Dialogue: 0,0:01:16.03,0:01:22.71,Default,,0000,0000,0000,,behind the curtain. So, please, welcome\NWill and Gabe with a big round of applause, Dialogue: 0,0:01:22.71,0:01:32.43,Default,,0000,0000,0000,,thank you for being here already.\N[Applause] Dialogue: 0,0:01:32.43,0:01:39.89,Default,,0000,0000,0000,,Will: Thank you, great. 
So just just to\Nput this in perspective, right, one of the Dialogue: 0,0:01:39.89,0:01:45.48,Default,,0000,0000,0000,,disclaimers is that the words that get\Nused, especially on this topic often have Dialogue: 0,0:01:45.48,0:01:52.46,Default,,0000,0000,0000,,a lot of meaning. There there is a reason\Nof that we'll be calling this DPRK or Dialogue: 0,0:01:52.46,0:01:56.17,Default,,0000,0000,0000,,Korea throughout. That's often the words\Nyou'll hear of people who are dealing with Dialogue: 0,0:01:56.17,0:01:59.98,Default,,0000,0000,0000,,engagement with the country. North Korea\Nis a term that the country does not call Dialogue: 0,0:01:59.98,0:02:06.12,Default,,0000,0000,0000,,itself, but rather is what typically more\Nadversarial countries use to talk about it Dialogue: 0,0:02:06.12,0:02:12.08,Default,,0000,0000,0000,,as an occupying presence. So that that\Nlanguage is is this weird quirk that Dialogue: 0,0:02:12.08,0:02:18.32,Default,,0000,0000,0000,,exists here. So yeah, we're going to talk\Nsome about what consumer technology looks Dialogue: 0,0:02:18.32,0:02:22.66,Default,,0000,0000,0000,,like and how it's evolving and what's\Ngoing on there. I think we're pretty Dialogue: 0,0:02:22.66,0:02:30.63,Default,,0000,0000,0000,,excited about this. I want to start by by\Nsetting a little bit of context. This is Dialogue: 0,0:02:30.63,0:02:35.57,Default,,0000,0000,0000,,the science of technology complex that\Nopened in 2015. It's in an island in a Dialogue: 0,0:02:35.57,0:02:40.39,Default,,0000,0000,0000,,river to the south side of Pyongyang, it's\Nstill in the main city. There was a pretty Dialogue: 0,0:02:40.39,0:02:44.49,Default,,0000,0000,0000,,major construction project; it went on for\Nabout a year before they opened this. In Dialogue: 0,0:02:44.49,0:02:48.11,Default,,0000,0000,0000,,the lobby they've got this nice\Ndiorama of what the building looks like. 
Dialogue: 0,0:02:48.11,0:02:52.57,Default,,0000,0000,0000,,It actually … this is the rest of the\Nlobby—it looks pretty modern. Dialogue: 0,0:02:52.57,0:02:56.87,Default,,0000,0000,0000,,They have this sort of plain pastel\Nscheme that you actually see a lot in in Dialogue: 0,0:02:56.87,0:03:02.87,Default,,0000,0000,0000,,modern architectural construction there.\NSo so if you go into the new water park or Dialogue: 0,0:03:02.87,0:03:06.70,Default,,0000,0000,0000,,the boat restaurant that they've opened in\Nthe last couple of years you see the same Dialogue: 0,0:03:06.70,0:03:14.15,Default,,0000,0000,0000,,design styling. This building is part\NScience Museum—it has a bunch of sort of Dialogue: 0,0:03:14.15,0:03:20.51,Default,,0000,0000,0000,,interactive exploratory exhibits that you\Nmight have a class of children come Dialogue: 0,0:03:20.51,0:03:26.93,Default,,0000,0000,0000,,through to learn. It also has lecture\Nhalls, and it also has a library. And and Dialogue: 0,0:03:26.93,0:03:31.01,Default,,0000,0000,0000,,when you look at parts of it are that are\Nthe library you see a ton of computers. Dialogue: 0,0:03:31.01,0:03:36.79,Default,,0000,0000,0000,,Right, this this is a … technically … there,\Nthere is technology here. And and the Dialogue: 0,0:03:36.79,0:03:40.72,Default,,0000,0000,0000,,thing that is really, I think, fascinating\Nand revealing about where we are in terms Dialogue: 0,0:03:40.72,0:03:44.35,Default,,0000,0000,0000,,of our understanding of this country is\Nyou look at these computers and yet again Dialogue: 0,0:03:44.35,0:03:49.90,Default,,0000,0000,0000,,we see this thing that doesn't look\Nfamiliar. This isn't Red Star, it's not Dialogue: 0,0:03:49.90,0:03:53.17,Default,,0000,0000,0000,,quite anything that looks like the tablets\Nwe've seen. That's that's a desktop Dialogue: 0,0:03:53.17,0:04:00.84,Default,,0000,0000,0000,,monitor. And it's not Windows or Mac. It's\Nyet again something new. 
And in fact, Dialogue: 0,0:04:00.84,0:04:06.15,Default,,0000,0000,0000,,playing with this, you find that it's\NAndroid that's that's been put in this Dialogue: 0,0:04:06.15,0:04:11.50,Default,,0000,0000,0000,,custom bezel. It has a keyboard and mouse,\Nbut it's got an Android taskbar at the top Dialogue: 0,0:04:11.50,0:04:16.82,Default,,0000,0000,0000,,to let you know what apps are there and\Nit's yet another … they have special cased Dialogue: 0,0:04:16.82,0:04:23.14,Default,,0000,0000,0000,,and customized a distribution that works\Nfor this purpose. And I think we … for Dialogue: 0,0:04:23.14,0:04:28.98,Default,,0000,0000,0000,,each one of these that maybe we have seen,\Nthere's there's many more that we haven't. Dialogue: 0,0:04:28.98,0:04:37.59,Default,,0000,0000,0000,,So, I want to just get us up to speed on\Nwhat we do know, to start with. We've seen Dialogue: 0,0:04:37.59,0:04:43.09,Default,,0000,0000,0000,,Red Star—this is version 3, it came out\Nthree years ago that we learned about Red Dialogue: 0,0:04:43.09,0:04:47.00,Default,,0000,0000,0000,,Star version 3; this this thing that sort\Nof Mac-like. There's actually been a Dialogue: 0,0:04:47.00,0:04:50.03,Default,,0000,0000,0000,,couple other versions that have ended up\Non the Internet that we know stuff about. Dialogue: 0,0:04:50.03,0:04:54.69,Default,,0000,0000,0000,,And we we have at some level a better\Npicture of what the desktop technology Dialogue: 0,0:04:54.69,0:04:59.56,Default,,0000,0000,0000,,looks like. We've seen version 2.5 which\Nlooks somewhat Windows like. There's been Dialogue: 0,0:04:59.56,0:05:04.25,Default,,0000,0000,0000,,a release of the server version that runs\Nsome of the web servers from the country. 
Dialogue: 0,0:05:04.71,0:05:10.18,Default,,0000,0000,0000,,And then two years ago, Florian and\NNiklaus' talk—they actually went in and Dialogue: 0,0:05:10.18,0:05:13.75,Default,,0000,0000,0000,,did a bunch of analysis of it, along\Nwith on the Internet there's been Dialogue: 0,0:05:13.75,0:05:18.32,Default,,0000,0000,0000,,blog posts of other people who've posted\NCVEs of various bugs that they found in Dialogue: 0,0:05:18.32,0:05:22.54,Default,,0000,0000,0000,,this, figured out how to make it run on\Nthe external Internet by changing firewall Dialogue: 0,0:05:22.54,0:05:26.54,Default,,0000,0000,0000,,rules, and really just like learning a lot\Nabout both the environment that this thing Dialogue: 0,0:05:26.54,0:05:32.31,Default,,0000,0000,0000,,was working in and the properties of it.\NWe have a bit less on the mobile side - so Dialogue: 0,0:05:32.31,0:05:37.03,Default,,0000,0000,0000,,this is what a store in in Korea in\NPyongyang sort of looks like: those are Dialogue: 0,0:05:37.03,0:05:43.56,Default,,0000,0000,0000,,laptops on the left, tablets and phones on\Nthe right for sale. We got a talk last Dialogue: 0,0:05:43.56,0:05:49.09,Default,,0000,0000,0000,,year, again from Niklaus and Florian, about\Nthe Woolim tablet. I think that's actually Dialogue: 0,0:05:50.44,0:05:56.42,Default,,0000,0000,0000,,maybe on the second row in this picture.\NAnd and we got a sense of some of the Dialogue: 0,0:05:56.42,0:06:02.46,Default,,0000,0000,0000,,information controls there in particular,\Nright. So what they talked about was how Dialogue: 0,0:06:02.46,0:06:07.52,Default,,0000,0000,0000,,this thing prevents some types of file\Ncopies and transferring, and some of the Dialogue: 0,0:06:07.52,0:06:12.54,Default,,0000,0000,0000,,sort of surveillance things that are built\Ninto it. But again, we didn't get too much Dialogue: 0,0:06:12.54,0:06:17.81,Default,,0000,0000,0000,,in terms of hardware to bite our teeth\Ninto. 
Finally, there's this like next Dialogue: 0,0:06:17.81,0:06:23.93,Default,,0000,0000,0000,,layer up—the software ecosystem. This is\Nan app store, again in Korea. You go to a Dialogue: 0,0:06:23.93,0:06:27.79,Default,,0000,0000,0000,,place and they have nice … this is this is\Na nice one where they've got pictures so I Dialogue: 0,0:06:27.79,0:06:33.55,Default,,0000,0000,0000,,can see which games it is that are for\Nsale that they'll then plug this in my Dialogue: 0,0:06:33.55,0:06:41.28,Default,,0000,0000,0000,,device into a computer and transfer apps\Nonto the device. And so we get all of this Dialogue: 0,0:06:41.28,0:06:46.24,Default,,0000,0000,0000,,and we have mostly anecdotes that are that\Nare helping us sort of get small pictures, Dialogue: 0,0:06:46.24,0:06:48.81,Default,,0000,0000,0000,,and I think the real problem right is\Nthere's all these devices—this is an Dialogue: 0,0:06:48.81,0:06:54.67,Default,,0000,0000,0000,,example of a few, and and we really I\Nthink are quite far behind and having that Dialogue: 0,0:06:54.67,0:07:02.23,Default,,0000,0000,0000,,bar lowered for people to play and\Nunderstand what these things are. So, what Dialogue: 0,0:07:02.23,0:07:06.80,Default,,0000,0000,0000,,what I want to do to like try and explain\Nthat situation that we're in is is talk Dialogue: 0,0:07:06.80,0:07:11.77,Default,,0000,0000,0000,,about why we're there and the different\Nsort of general groups of where these Dialogue: 0,0:07:11.77,0:07:16.00,Default,,0000,0000,0000,,devices end up. I realize that\Nthat's talking about motives and that Dialogue: 0,0:07:16.00,0:07:19.61,Default,,0000,0000,0000,,is often like the way that you get\Npeople mad at you, if you try and Dialogue: 0,0:07:19.61,0:07:22.77,Default,,0000,0000,0000,,ascribe some motivation to them that\Nthey disagree with. So realize that these Dialogue: 0,0:07:22.77,0:07:26.55,Default,,0000,0000,0000,,are bread's … broad strokes and not really\Nindicative of everyone. 
But this gives you Dialogue: 0,0:07:26.55,0:07:31.59,Default,,0000,0000,0000,,some sense of why we've still ended up in\Nthis world of not knowing much publicly. Dialogue: 0,0:07:31.59,0:07:36.83,Default,,0000,0000,0000,,Maybe … there's a quote from … this is\Nfrom Kim Jong-il that's that's relevant, and Dialogue: 0,0:07:36.83,0:07:41.98,Default,,0000,0000,0000,,and says, you know, Koreans are quite an\Nintelligent people and even in computer Dialogue: 0,0:07:41.98,0:07:45.57,Default,,0000,0000,0000,,technology we excel. I think this is\Nsomething that we maybe don't appreciate Dialogue: 0,0:07:45.57,0:07:50.29,Default,,0000,0000,0000,,when we're thinking about this. It is\Nrational for Korea to not want this stuff Dialogue: 0,0:07:50.29,0:07:54.62,Default,,0000,0000,0000,,to come out, right? They are worried about\Nadversarial government's trying to Dialogue: 0,0:07:54.62,0:07:58.92,Default,,0000,0000,0000,,leverage whatever they can. It seems\Nrational that it's in their best interest Dialogue: 0,0:07:58.92,0:08:03.33,Default,,0000,0000,0000,,to make it difficult for this stuff to get\Nout and for people to be able to attack Dialogue: 0,0:08:03.33,0:08:08.90,Default,,0000,0000,0000,,them with it. That's what we've seen in,\Nyou know, against the threat model well Dialogue: 0,0:08:08.90,0:08:16.71,Default,,0000,0000,0000,,implemented copy control and and other\Nsort of limitations on the on the devices. Dialogue: 0,0:08:16.71,0:08:19.63,Default,,0000,0000,0000,,In terms of foreigners who have access to\Nthese devices, I think there's sort of two Dialogue: 0,0:08:19.63,0:08:24.07,Default,,0000,0000,0000,,classes. What we saw in the talk last year\Nwas a device that came out through a Dialogue: 0,0:08:24.07,0:08:29.65,Default,,0000,0000,0000,,defector group. So you've got someone who\Nleft with this device and now he's trying Dialogue: 0,0:08:29.65,0:08:35.36,Default,,0000,0000,0000,,to figure out what what's on it. 
And that\Nis this adversarial relationship where the Dialogue: 0,0:08:35.36,0:08:40.30,Default,,0000,0000,0000,,goal there is to do damage to the country.\NAnd so there's much more value in having Dialogue: 0,0:08:40.30,0:08:45.50,Default,,0000,0000,0000,,0-days than there is in releasing this\Nbecause then the security gets fixed. And Dialogue: 0,0:08:45.50,0:08:48.88,Default,,0000,0000,0000,,so you'll see that you know for any device\Nthat comes out there there's really the Dialogue: 0,0:08:48.88,0:08:52.52,Default,,0000,0000,0000,,sensitivity both in terms of not wanting\Nto identify people but also in; well if we Dialogue: 0,0:08:52.52,0:08:57.77,Default,,0000,0000,0000,,find anything that's buggy, we want to be\Nable to do something with it. I think in Dialogue: 0,0:08:57.77,0:09:03.04,Default,,0000,0000,0000,,fact there's many more devices that don't\Ncome out that way but that are held by Dialogue: 0,0:09:03.04,0:09:08.12,Default,,0000,0000,0000,,foreigners who are working constructively\Nwith the country. And for them, the the Dialogue: 0,0:09:08.12,0:09:12.79,Default,,0000,0000,0000,,reason is somewhat different. And I think\Nthe reason for them is in many cases that Dialogue: 0,0:09:12.79,0:09:17.17,Default,,0000,0000,0000,,they're worried about sort of the unknown\Nunknowns of “could someone get in trouble? Dialogue: 0,0:09:17.17,0:09:21.45,Default,,0000,0000,0000,,Will this result in my connection to the\Ncountry getting disrupted? The people Dialogue: 0,0:09:21.45,0:09:25.03,Default,,0000,0000,0000,,I like and work with getting in trouble\Nfor having given me the device that I've Dialogue: 0,0:09:25.03,0:09:28.64,Default,,0000,0000,0000,,been done something reckless with.”\NRight, so we can see from like Dialogue: 0,0:09:28.64,0:09:31.53,Default,,0000,0000,0000,,a bunch of individual perspectives why\Nwe don't have more of this technology Dialogue: 0,0:09:31.53,0:09:37.12,Default,,0000,0000,0000,,out there. 
We can also understand\Nthat, you know, as the public, this Dialogue: 0,0:09:37.12,0:09:40.05,Default,,0000,0000,0000,,creates this weird thing where\Nwe're all fascinated but don't Dialogue: 0,0:09:40.05,0:09:43.95,Default,,0000,0000,0000,,have access. And and that I think\Nalso in the spirit of, you know, Dialogue: 0,0:09:43.95,0:09:49.69,Default,,0000,0000,0000,,for Korea, this isn't great. Because the\Nbugs go unpatched and they don't get a Dialogue: 0,0:09:49.69,0:09:56.66,Default,,0000,0000,0000,,better security. So, this is the\Nelectronic goods store at the airport Dialogue: 0,0:09:56.66,0:10:00.80,Default,,0000,0000,0000,,which somewhat counter-intuitively doesn't\Nactually sell the tablets to foreigners Dialogue: 0,0:10:00.80,0:10:07.20,Default,,0000,0000,0000,,but they do have some. What we're … what\Nwe're going to talk about for the rest of Dialogue: 0,0:10:07.20,0:10:14.31,Default,,0000,0000,0000,,this talk is an effort that I guess we're\Nsort of putting out on the web called Dialogue: 0,0:10:14.31,0:10:19.54,Default,,0000,0000,0000,,computer … KoreaComputerCenter.org. Where\Nwe're going to try and release a bit more Dialogue: 0,0:10:19.54,0:10:23.70,Default,,0000,0000,0000,,of this technology. And I'm going to talk\Nthrough the three initial things that Dialogue: 0,0:10:23.70,0:10:27.93,Default,,0000,0000,0000,,we're going to put up there that we hope\Npeople play with. And this is in the Dialogue: 0,0:10:27.93,0:10:34.08,Default,,0000,0000,0000,,spirit that this we think … this makes life\Nbetter both for Korea and for the outside Dialogue: 0,0:10:34.08,0:10:40.01,Default,,0000,0000,0000,,world. For Korea, the same thing I was\Njust saying—I think you get better Dialogue: 0,0:10:40.01,0:10:44.50,Default,,0000,0000,0000,,security in the long run. We we I think as\Na community understand the value of open- Dialogue: 0,0:10:44.50,0:10:48.62,Default,,0000,0000,0000,,source software, and in having many eyes\Naudit and find the bugs. 
We've already Dialogue: 0,0:10:48.62,0:10:53.18,Default,,0000,0000,0000,,seen that on the artifacts that have\Ngotten out. For us, I think it's a great Dialogue: 0,0:10:53.18,0:11:00.82,Default,,0000,0000,0000,,chance to … to do two things—one one,\Nit spreads our understanding more Dialogue: 0,0:11:00.82,0:11:03.100,Default,,0000,0000,0000,,consistently so we actually understand\Nwhat is going on in the country and can Dialogue: 0,0:11:03.100,0:11:08.77,Default,,0000,0000,0000,,make rational policy decisions at some\Nhigh level. It's also fascinating and we Dialogue: 0,0:11:08.77,0:11:15.23,Default,,0000,0000,0000,,get to preserve this anthropological\Nartifact of this really amazing parallel Dialogue: 0,0:11:15.23,0:11:19.13,Default,,0000,0000,0000,,development that has created … that\Nthat exists of of what technology is Dialogue: 0,0:11:19.13,0:11:25.52,Default,,0000,0000,0000,,like in Korea. So, in that spirit,\Nlet's talk about what's coming out. Dialogue: 0,0:11:25.52,0:11:29.79,Default,,0000,0000,0000,,Some of this I think is showing up on\NBitTorrent links that are on this site Dialogue: 0,0:11:29.79,0:11:36.01,Default,,0000,0000,0000,,koreacomputercenter.org as we speak. The\Nfirst is a phone image—there's a system Dialogue: 0,0:11:36.01,0:11:43.87,Default,,0000,0000,0000,,partition and data partition recovery for\Nthis phon, a Pyongyang 2407. This phone Dialogue: 0,0:11:43.87,0:11:51.05,Default,,0000,0000,0000,,was chosen because it's made by a Chinese\NOEM, Jin Lee, which also creates the same Dialogue: 0,0:11:51.05,0:11:58.06,Default,,0000,0000,0000,,hardware in an Indian model. So if you've\Ngot a friend in India at least, you can Dialogue: 0,0:11:58.06,0:12:04.25,Default,,0000,0000,0000,,get the G&E v5—it's exactly the same\Nhardware and so these images can load onto Dialogue: 0,0:12:04.25,0:12:08.33,Default,,0000,0000,0000,,one of these phones and then you will also\Nbe able to run this operating system. 
And Dialogue: 0,0:12:08.33,0:12:12.24,Default,,0000,0000,0000,,so rather than just doing static analysis\Nof what's there you can actually see how Dialogue: 0,0:12:12.24,0:12:16.95,Default,,0000,0000,0000,,that fits together and what actually\Nhappens. How it works, that it does shut Dialogue: 0,0:12:16.95,0:12:20.43,Default,,0000,0000,0000,,down when a SIM card from a different\Noperator gets plugged in, these sorts of Dialogue: 0,0:12:20.43,0:12:26.73,Default,,0000,0000,0000,,things. So this is this is just I guess\NI'll say the the basic phone system - it Dialogue: 0,0:12:26.73,0:12:30.66,Default,,0000,0000,0000,,doesn't include most apps but it's got a\Nbunch of the sort of operating system- Dialogue: 0,0:12:30.66,0:12:35.19,Default,,0000,0000,0000,,level copy controls. You can get your\Nhands on the the Red Star protection Dialogue: 0,0:12:35.19,0:12:42.71,Default,,0000,0000,0000,,things that we're talked about last year.\NThe second thing for apps we're going to Dialogue: 0,0:12:42.71,0:12:46.30,Default,,0000,0000,0000,,turn to something a little bit older this\Nis the Samjiyon tablet which is one of the Dialogue: 0,0:12:46.30,0:12:54.19,Default,,0000,0000,0000,,first tablets that came out 2011-2012 era.\NThis was sort of at the beginning of Dialogue: 0,0:12:54.19,0:12:58.04,Default,,0000,0000,0000,,Korea's sort of introduction of widespread\Nconsumer electronics, so it got circulated Dialogue: 0,0:12:58.04,0:13:03.48,Default,,0000,0000,0000,,quite a bit. It was a larger run of\Ndevices than many of them. In fact so Dialogue: 0,0:13:03.48,0:13:07.21,Default,,0000,0000,0000,,widespread that there's there's one of\Nthese devices in the Stanford library. 
And Dialogue: 0,0:13:07.21,0:13:10.48,Default,,0000,0000,0000,,so I guess the other thing I'll stress is\Nthese devices are out there and it's a Dialogue: 0,0:13:10.48,0:13:13.100,Default,,0000,0000,0000,,matter of making sure that we're releasing\Nthese in a way where it's just like this Dialogue: 0,0:13:13.100,0:13:18.01,Default,,0000,0000,0000,,is software but we're not necessarily\Ngetting anyone in particular in trouble Dialogue: 0,0:13:18.01,0:13:21.22,Default,,0000,0000,0000,,because these devices we know are in a\Nbunch of places and the attribution Dialogue: 0,0:13:21.22,0:13:24.45,Default,,0000,0000,0000,,becomes hard at that point for\Nanyone to like, lose Dialogue: 0,0:13:24.45,0:13:27.36,Default,,0000,0000,0000,,contact or get in trouble. So there's Dialogue: 0,0:13:27.36,0:13:33.81,Default,,0000,0000,0000,,there's a basic set of apps that come\Nthere. These are some of the icons there - Dialogue: 0,0:13:33.81,0:13:37.100,Default,,0000,0000,0000,,there's a nice one that has a bunch of\Nrecipes. The the thing I'll say about Dialogue: 0,0:13:37.100,0:13:42.69,Default,,0000,0000,0000,,these - these were made for this specific\Ndevice and this is a thing that you'll see Dialogue: 0,0:13:42.69,0:13:46.82,Default,,0000,0000,0000,,I think throughout all the software if you\Nactually take a look at it. And so there's Dialogue: 0,0:13:46.82,0:13:51.93,Default,,0000,0000,0000,,a lot of hard-coded paths. So as well as\Nthe APKs themselves you'll find that they Dialogue: 0,0:13:51.93,0:13:56.07,Default,,0000,0000,0000,,reference things that they expect to be in\Nspecific parts of the SD card. 
Those files Dialogue: 0,0:13:56.07,0:14:00.45,Default,,0000,0000,0000,,are included, but it's unlikely that if\Nyou just copy the APK onto a Android phone Dialogue: 0,0:14:00.45,0:14:06.37,Default,,0000,0000,0000,,it will be able to show you much content.\NSo it would be awesome if someone who Dialogue: 0,0:14:06.37,0:14:09.57,Default,,0000,0000,0000,,enjoys small.i wants to twiddle some paths\Nso that those can look for internal Dialogue: 0,0:14:09.57,0:14:13.92,Default,,0000,0000,0000,,resources instead, and lower that bar\Nfurther so that more people can play. I Dialogue: 0,0:14:13.92,0:14:17.14,Default,,0000,0000,0000,,think the other thing that's interesting\Nhere is pretty much all of these apps use Dialogue: 0,0:14:17.14,0:14:21.67,Default,,0000,0000,0000,,their own specific binary format that's\Nlike yet again this totally new thing Dialogue: 0,0:14:21.67,0:14:29.21,Default,,0000,0000,0000,,where it's like someone just coded some\Ntotally one-off thing. And that's weird. Dialogue: 0,0:14:29.21,0:14:33.08,Default,,0000,0000,0000,,And the final thing is we're gonna release\Na bunch of educational materials that seem Dialogue: 0,0:14:33.08,0:14:36.52,Default,,0000,0000,0000,,to sort of end up on these devices.\NEducation is one of the big purposes, Dialogue: 0,0:14:36.52,0:14:40.61,Default,,0000,0000,0000,,right? You're you're giving these to the\Nthe children and teenagers who are Dialogue: 0,0:14:40.61,0:14:45.16,Default,,0000,0000,0000,,especially excited about technology and\None of the useful things that they can do Dialogue: 0,0:14:45.16,0:14:50.49,Default,,0000,0000,0000,,is use that for for their course material.\NIn getting a set of PDFs that are sort of Dialogue: 0,0:14:50.49,0:14:55.19,Default,,0000,0000,0000,,like usable, we ended up having to do some\Nwork. 
I'm gonna turn over to Gabe to Dialogue: 0,0:14:55.19,0:14:58.65,Default,,0000,0000,0000,,explain sort of the process we went\Nthrough and getting this this last set of Dialogue: 0,0:14:58.65,0:15:03.28,Default,,0000,0000,0000,,the the textbooks that are\Ngoing to come out. Dialogue: 0,0:15:03.28,0:15:08.03,Default,,0000,0000,0000,,Gabe: Thanks, Will. So basically when I\Ngot involved with this, the situation as Dialogue: 0,0:15:08.03,0:15:13.86,Default,,0000,0000,0000,,far as these textbooks was that we had\Nquite a few of these files. And there are Dialogue: 0,0:15:13.86,0:15:18.63,Default,,0000,0000,0000,,two things you could tell on the surface -\None is that they claim to be PDF files Dialogue: 0,0:15:18.63,0:15:24.38,Default,,0000,0000,0000,,based on the filename, and some of them\Nhave titles in English or Korean - Dialogue: 0,0:15:24.38,0:15:25.38,Default,,0000,0000,0000,,that sort of suggests Dialogue: 0,0:15:25.38,0:15:28.48,Default,,0000,0000,0000,,what's inside. But what you see on the\Nscreen is not what we saw because none of Dialogue: 0,0:15:28.48,0:15:35.32,Default,,0000,0000,0000,,these files were plain PDFs. So there's a\Nbit of sort of custom DRM that's been Dialogue: 0,0:15:35.32,0:15:40.96,Default,,0000,0000,0000,,applied to these files and it's pretty\Nrudimentary, but it's actually been kind Dialogue: 0,0:15:40.96,0:15:48.16,Default,,0000,0000,0000,,of remarkably decent job of what we think\Nit was designed for. Which is that the the Dialogue: 0,0:15:48.16,0:15:53.35,Default,,0000,0000,0000,,textbooks that come with or that come with\Nor that are added to one device are not Dialogue: 0,0:15:53.35,0:15:57.58,Default,,0000,0000,0000,,supposed to be able to be accessed on a\Ndifferent device. And as well so if you Dialogue: 0,0:15:57.58,0:16:01.63,Default,,0000,0000,0000,,pulled the these PDF files out of the\Ndevice that you send off outside the Dialogue: 0,0:16:01.63,0:16:07.01,Default,,0000,0000,0000,,country, they're not readable. 
Now one\Nthing I will say is that we know from some Dialogue: 0,0:16:07.01,0:16:13.01,Default,,0000,0000,0000,,of the previous talks on Red Star that\Ndevelopers in and for the DPRK have Dialogue: 0,0:16:13.01,0:16:20.26,Default,,0000,0000,0000,,implemented actual AES-like encryption.\NThis is not that - it's fairly basic and Dialogue: 0,0:16:20.26,0:16:26.27,Default,,0000,0000,0000,,we did find some some holes in it. So talk\Na little bit about what we did. So when we Dialogue: 0,0:16:26.27,0:16:30.95,Default,,0000,0000,0000,,look at these files, the first thing we\Nnotice is that they don't have a PDF Dialogue: 0,0:16:30.95,0:16:35.03,Default,,0000,0000,0000,,header. The first eight bytes have this\Nreference or this potential reference Dialogue: 0,0:16:35.03,0:16:40.46,Default,,0000,0000,0000,,anyway to what will might be a date in\Nlittle-endian format. So this might be Dialogue: 0,0:16:40.46,0:16:45.91,Default,,0000,0000,0000,,either December 1st or January 12th in\N1978. If you have any idea what that Dialogue: 0,0:16:45.91,0:16:50.92,Default,,0000,0000,0000,,means, please let us know because we're\Nkind of curious. The next thing is that Dialogue: 0,0:16:50.92,0:16:56.30,Default,,0000,0000,0000,,when we started to look at the devices,\Nbecause we also had the the applications Dialogue: 0,0:16:56.30,0:17:03.45,Default,,0000,0000,0000,,that read these files, one of them has a\Nhard coded reference to those first four Dialogue: 0,0:17:03.45,0:17:08.32,Default,,0000,0000,0000,,bytes. And so when you look at what that\Napplication was, we find that it's this Dialogue: 0,0:17:08.32,0:17:14.14,Default,,0000,0000,0000,,app called UDK.Android.Reader, which if\Nyou go to the Google Play Store it's just Dialogue: 0,0:17:14.14,0:17:21.28,Default,,0000,0000,0000,,a commercially available PDF Reader app\Nfor Android. 
But it's not really, because Dialogue: 0,0:17:21.28,0:17:27.46,Default,,0000,0000,0000,,it's been modified to implement the the\NDRM that we're looking at here. So Dialogue: 0,0:17:27.46,0:17:32.89,Default,,0000,0000,0000,,basically, we took the the copy of the\Nreader that's available online, and one of Dialogue: 0,0:17:32.89,0:17:37.77,Default,,0000,0000,0000,,the copies on one of the devices, and\Nwe'll compare them we find that the Dialogue: 0,0:17:37.77,0:17:44.07,Default,,0000,0000,0000,,application calls out to a shared library\Nwhen it wants to parse a PDF file. That Dialogue: 0,0:17:44.07,0:17:47.27,Default,,0000,0000,0000,,library looks kind of like this\N- these are the ELF sections in the file Dialogue: 0,0:17:47.27,0:17:53.85,Default,,0000,0000,0000,,and it's pretty normal. When we look at\Nthe copy that's on the DPRK version of the Dialogue: 0,0:17:53.85,0:17:58.79,Default,,0000,0000,0000,,app, there's this one section added that\Nkind of jumps out - like it's literally Dialogue: 0,0:17:58.79,0:18:07.99,Default,,0000,0000,0000,,called dot-modified. So when you look into\Nwhat's in that section, we see something Dialogue: 0,0:18:07.99,0:18:12.23,Default,,0000,0000,0000,,like this - and this is really not going\Nto be legible both because of the size of Dialogue: 0,0:18:12.23,0:18:18.37,Default,,0000,0000,0000,,text and because it's decompiled from ARM.\NBut we have the original decompiled code Dialogue: 0,0:18:18.37,0:18:23.20,Default,,0000,0000,0000,,on the left, and the DPRK version on the\Nright. And the two things I just want to Dialogue: 0,0:18:23.20,0:18:29.38,Default,,0000,0000,0000,,highlight are - at the top the original\Nfunction that would be filling a buffer to Dialogue: 0,0:18:29.38,0:18:34.03,Default,,0000,0000,0000,,read the file has been replaced by a stub\Nthat calls this sort of custom method in Dialogue: 0,0:18:34.03,0:18:39.62,Default,,0000,0000,0000,,the modified section. 
And this the version\Nthat's over in the modified section does Dialogue: 0,0:18:39.62,0:18:44.38,Default,,0000,0000,0000,,basically the exact same thing, except\Nthat in one case it will call another Dialogue: 0,0:18:44.38,0:18:47.74,Default,,0000,0000,0000,,function that does some decryption. And\Nthere's some other things as well in the Dialogue: 0,0:18:47.74,0:18:54.20,Default,,0000,0000,0000,,modified section this is just sort of one\Nexample. Now the reason that this is kind Dialogue: 0,0:18:54.20,0:18:58.64,Default,,0000,0000,0000,,of interesting to us is that it really\Nshows us that these modifications were not Dialogue: 0,0:18:58.64,0:19:04.00,Default,,0000,0000,0000,,made by someone who had source code.\NLike this is kind of crazy low-level, not Dialogue: 0,0:19:04.00,0:19:09.64,Default,,0000,0000,0000,,crazy, but like it's it's really low-level\Nmodification of the binary itself. So when Dialogue: 0,0:19:09.64,0:19:14.36,Default,,0000,0000,0000,,we look into those functions and what they\Ndo, what we start finding is that the Dialogue: 0,0:19:14.36,0:19:21.88,Default,,0000,0000,0000,,shared library, the modified version of\Nthe shared library, has this 512 bytes pad Dialogue: 0,0:19:21.88,0:19:25.96,Default,,0000,0000,0000,,which basically gets used over and over\Nagain as part of the decryption process. Dialogue: 0,0:19:25.96,0:19:29.65,Default,,0000,0000,0000,,And one of the things about it is that for\Ndifferent files you will start using it at Dialogue: 0,0:19:29.65,0:19:35.87,Default,,0000,0000,0000,,a different point. And there's also a four\Nbyte key that's different for every file, Dialogue: 0,0:19:35.87,0:19:41.18,Default,,0000,0000,0000,,which comes from a combination of a few\Nbytes in the file header itself, and a Dialogue: 0,0:19:41.18,0:19:50.33,Default,,0000,0000,0000,,per-device key. So that per-device key is\Nkind of interesting. 
So they're taking, Dialogue: 0,0:19:50.33,0:19:54.03,Default,,0000,0000,0000,,well at the end of the day you want a four\Nbyte key, and they're generating it out of Dialogue: 0,0:19:54.03,0:19:57.69,Default,,0000,0000,0000,,a six byte MAC address and the code that\Nthey use kind of looks like this. Dialogue: 0,0:19:57.69,0:20:02.67,Default,,0000,0000,0000,,This is us reimplementing it\Nin Go. One of Dialogue: 0,0:20:02.67,0:20:06.66,Default,,0000,0000,0000,,the weird things about it is that some of\Nthese devices may not actually have useful Dialogue: 0,0:20:06.66,0:20:11.42,Default,,0000,0000,0000,,MAC addresses so in some cases the MAC\Naddress that's using is actually just some Dialogue: 0,0:20:11.42,0:20:17.46,Default,,0000,0000,0000,,hard-coded value in a file. All the time\Nwhen it reads these MAC addresses it's Dialogue: 0,0:20:17.46,0:20:21.94,Default,,0000,0000,0000,,really just reading some code or some some\Ntext out of that system etc MAC address Dialogue: 0,0:20:21.94,0:20:28.61,Default,,0000,0000,0000,,file. So if you have that key, the process\Nto decrypt is really simple. You take that Dialogue: 0,0:20:28.61,0:20:35.08,Default,,0000,0000,0000,,key, you subtract some of the bytes - the\Nones marked with Y, and you get your four Dialogue: 0,0:20:35.08,0:20:41.02,Default,,0000,0000,0000,,bytes to do a decryption. And the point in\Nthe pad that I mentioned for this (tilaka) Dialogue: 0,0:20:41.02,0:20:47.20,Default,,0000,0000,0000,,starting offset is just that same value\Ninterpreted as an integer mod 512 because Dialogue: 0,0:20:47.20,0:20:53.72,Default,,0000,0000,0000,,that's the length of the pad. In all the\Nexamples we looked at, or as far as we Dialogue: 0,0:20:53.72,0:21:00.75,Default,,0000,0000,0000,,could tell, these headers only had keys\Nfor like one device. 
But looking at the Dialogue: 0,0:21:00.75,0:21:06.50,Default,,0000,0000,0000,,the compiled code it looks like it might\Nbe possible to have like one file that can Dialogue: 0,0:21:06.50,0:21:09.82,Default,,0000,0000,0000,,be decrypted by multiple different\Ndevices. We just haven't actually seen a Dialogue: 0,0:21:09.82,0:21:16.25,Default,,0000,0000,0000,,file that is like. So the way that\Nactually does decryption is byte by byte Dialogue: 0,0:21:16.25,0:21:22.94,Default,,0000,0000,0000,,and this is a simplified view of what's\Ngoing on. We're releasing a tool that will Dialogue: 0,0:21:22.94,0:21:26.23,Default,,0000,0000,0000,,do this correctly and has all the details\Nin it but in a nutshell what you're doing Dialogue: 0,0:21:26.23,0:21:30.09,Default,,0000,0000,0000,,is you're doing a little bit of math to\Nfigure out where you are starting from for Dialogue: 0,0:21:30.09,0:21:33.98,Default,,0000,0000,0000,,all these operations. And then for each\Nbyte that you want to decrypt, you take Dialogue: 0,0:21:33.98,0:21:39.71,Default,,0000,0000,0000,,your encrypted byte, you subtract one of\Nthe per-file bytes, and then you XOR the Dialogue: 0,0:21:39.71,0:21:46.75,Default,,0000,0000,0000,,whole thing with one of the bytes from\Nthat 512 byte pad. So, the cool thing Dialogue: 0,0:21:46.75,0:21:52.20,Default,,0000,0000,0000,,about this from my point of view is that\Nthis process is totally reversible. So if Dialogue: 0,0:21:52.20,0:21:57.22,Default,,0000,0000,0000,,you don't know your per-file key but you\Ndo know what the plaintext should look Dialogue: 0,0:21:57.22,0:22:05.54,Default,,0000,0000,0000,,like, you can run this backwards. And it\Nlooks ound like that. So what if you just Dialogue: 0,0:22:05.54,0:22:09.21,Default,,0000,0000,0000,,get a bunch of these encrypted PDF files\Nand you have no idea what device they came Dialogue: 0,0:22:09.21,0:22:15.17,Default,,0000,0000,0000,,from and you just want to look at them?\NYou can also do it like. 
It's really Dialogue: 0,0:22:15.17,0:22:19.17,Default,,0000,0000,0000,,quick to do you basically\Nbrute-force all of the potential Dialogue: 0,0:22:19.17,0:22:22.41,Default,,0000,0000,0000,,positions to be starting from, which\Nis really not that many because the Dialogue: 0,0:22:22.41,0:22:28.25,Default,,0000,0000,0000,,pad is not very big. And it's kind of a\Nplain text at a known plaintext attack. Dialogue: 0,0:22:28.25,0:22:33.57,Default,,0000,0000,0000,,The header a PDF file always looks like %\NPDF and then there's a version number. So Dialogue: 0,0:22:33.57,0:22:38.83,Default,,0000,0000,0000,,you take 4 bytes you calculate the per-\Nfile key that you would need to to make Dialogue: 0,0:22:38.83,0:22:44.10,Default,,0000,0000,0000,,that decrypt to % PDF and then you take\Nthe same per-file key and you see if it Dialogue: 0,0:22:44.10,0:22:49.16,Default,,0000,0000,0000,,would be able to decrypt the next section\Nto a version number, and wind up with a Dialogue: 0,0:22:49.16,0:22:58.78,Default,,0000,0000,0000,,valid header. And so we've done this for\Nall of the the files that we found, and Dialogue: 0,0:22:58.78,0:23:04.88,Default,,0000,0000,0000,,basically wound up with plain text for all\Nthese. One of the things that we noticed Dialogue: 0,0:23:04.88,0:23:10.31,Default,,0000,0000,0000,,after decrypting these files is that many\Nof them have watermarks at the end - so if Dialogue: 0,0:23:10.31,0:23:17.23,Default,,0000,0000,0000,,we look back to the talks on Red Star OS\Nfrom the past years, Florian and Niklaus Dialogue: 0,0:23:17.23,0:23:21.97,Default,,0000,0000,0000,,did some work on understanding what the\Nwatermark is. And if you want full details Dialogue: 0,0:23:21.97,0:23:28.86,Default,,0000,0000,0000,,look at those talks. 
But to summarize it -\Nevery time that a file passes through a Dialogue: 0,0:23:28.86,0:23:34.50,Default,,0000,0000,0000,,desktop system or sometimes a file gets\Nmodified the OS adds basically an Dialogue: 0,0:23:34.50,0:23:40.29,Default,,0000,0000,0000,,encrypted form of the hard drive serial\Nnumber. Now when releasing these files we Dialogue: 0,0:23:40.29,0:23:45.46,Default,,0000,0000,0000,,want to sort of obscure their origins and\Nnot get any particular people into Dialogue: 0,0:23:45.46,0:23:52.20,Default,,0000,0000,0000,,trouble, so we remove all those watermarks\Nbefore releasing these. And that's pretty Dialogue: 0,0:23:52.20,0:23:55.66,Default,,0000,0000,0000,,simple because the way that this works\Nwith PDF files is just that there's a Dialogue: 0,0:23:55.66,0:23:59.86,Default,,0000,0000,0000,,known line of text at the end of the file\Nthat represents the end of the PDF, and Dialogue: 0,0:23:59.86,0:24:05.13,Default,,0000,0000,0000,,the Red Star always puts these watermarks\Nat the end so we just chop off the end. So Dialogue: 0,0:24:05.13,0:24:10.19,Default,,0000,0000,0000,,once we have this we have like over 300\Nfiles of really different kinds of things, Dialogue: 0,0:24:10.19,0:24:14.04,Default,,0000,0000,0000,,and we've kind of looked at some of them\Nbut we're going to be releasing a torrent Dialogue: 0,0:24:14.04,0:24:19.59,Default,,0000,0000,0000,,with all of them and we'd really like to\Nsee what people come up with - just you Dialogue: 0,0:24:19.59,0:24:21.94,Default,,0000,0000,0000,,know that that's in these files that we\Nhave noticed. Dialogue: 0,0:24:21.94,0:24:25.15,Default,,0000,0000,0000,,Will: Have we looked at all of them?\NGabe: I mean yeah, we've had like a quick Dialogue: 0,0:24:25.15,0:24:30.33,Default,,0000,0000,0000,,look at some of them. We don't, I don't\Nspeak Korean, you know some. 
There's Dialogue: 0,0:24:30.33,0:24:36.46,Default,,0000,0000,0000,,probably more to be found in that archive.\NSo quick a look at just a couple of Dialogue: 0,0:24:36.46,0:24:42.02,Default,,0000,0000,0000,,examples of things we found. There's many\Ndifferent kinds of books on these devices Dialogue: 0,0:24:42.02,0:24:45.66,Default,,0000,0000,0000,,many of them are like computer science\Nbooks, there's general-purpose knowledge Dialogue: 0,0:24:45.66,0:24:50.68,Default,,0000,0000,0000,,kids textbooks. But because we want to\Nunderstand the state of technology in in Dialogue: 0,0:24:50.68,0:24:55.89,Default,,0000,0000,0000,,the DPRK, the part that's most interesting\Nto us right now is computer science Dialogue: 0,0:24:55.89,0:25:01.19,Default,,0000,0000,0000,,textbooks. So like two of the examples we\Nhave are this Java programming book and Dialogue: 0,0:25:01.19,0:25:06.82,Default,,0000,0000,0000,,this computer science book. They've got\Nsome awesome covers and really neat art in Dialogue: 0,0:25:06.82,0:25:11.97,Default,,0000,0000,0000,,some of them. But yeah, I'll hand that\Nback to to Will to actually talk about the Dialogue: 0,0:25:11.97,0:25:20.79,Default,,0000,0000,0000,,analysis of what we we found in these\Nbooks and sort of where they came from. Dialogue: 0,0:25:20.79,0:25:23.50,Default,,0000,0000,0000,,Will: Cool. Yeah, so maybe another quote Dialogue: 0,0:25:23.50,0:25:28.33,Default,,0000,0000,0000,,from from Kim Jong-il is appropriate,\Nsaying that we need to be aware of the Dialogue: 0,0:25:28.33,0:25:31.94,Default,,0000,0000,0000,,information technology industry and we\Nneed to meet the needs of the information Dialogue: 0,0:25:31.94,0:25:37.56,Default,,0000,0000,0000,,technology industry. 
And so I think one of\Nthe things that that comes out of these Dialogue: 0,0:25:37.56,0:25:42.09,Default,,0000,0000,0000,,textbooks that that I think is sort of\Ninteresting and this is the first benefit Dialogue: 0,0:25:42.09,0:25:46.26,Default,,0000,0000,0000,,is that this can help us understand sort\Nof where Korea is in terms of how much Dialogue: 0,0:25:46.26,0:25:52.68,Default,,0000,0000,0000,,emphasis it's placing on this aspect. For a\Nlot of the educational materials, they Dialogue: 0,0:25:52.68,0:25:57.02,Default,,0000,0000,0000,,seem to be organically created, they seem\Nto be about the specific environment Dialogue: 0,0:25:57.02,0:26:02.99,Default,,0000,0000,0000,,there's a lot of training kids how to use\NRed Star of various versions that you see. Dialogue: 0,0:26:02.99,0:26:10.44,Default,,0000,0000,0000,,The textbooks, many of them are translated\Nor follow a curriculum and a layout of Dialogue: 0,0:26:10.44,0:26:13.70,Default,,0000,0000,0000,,foreign external materials that have been\Ntranslated. So for some of the ones where Dialogue: 0,0:26:13.70,0:26:18.35,Default,,0000,0000,0000,,we could identify what the original source\Nwas, we tried to calculate how long that Dialogue: 0,0:26:18.35,0:26:21.30,Default,,0000,0000,0000,,had taken, because we were actually\Nsurprised sometimes this was a pretty Dialogue: 0,0:26:21.30,0:26:27.99,Default,,0000,0000,0000,,quick. So I'll show this waterfall graph -\Neach of these bars represents one book. Dialogue: 0,0:26:27.99,0:26:32.17,Default,,0000,0000,0000,,Some of the titles at the bottom they're\Nquite small and the the y-axis is the Dialogue: 0,0:26:32.17,0:26:36.76,Default,,0000,0000,0000,,year. The bottom is when the original\NEnglish version that was used seemed to Dialogue: 0,0:26:36.76,0:26:41.73,Default,,0000,0000,0000,,come out and and the top is when the\Ntranslation was released. 
And so what's Dialogue: 0,0:26:41.73,0:26:45.07,Default,,0000,0000,0000,,interesting here is you\Nsee order of even the Dialogue: 0,0:26:45.07,0:26:50.34,Default,,0000,0000,0000,,same year sometimes a couple years\Nthroughout this whole period of 2000 to Dialogue: 0,0:26:50.34,0:26:55.79,Default,,0000,0000,0000,,2010 where they're putting a bunch of\Neffort into taking four-hundred, five- Dialogue: 0,0:26:55.79,0:27:03.30,Default,,0000,0000,0000,,hundred page books. The the torrent of\Nthese textbooks is four-some gigs, and Dialogue: 0,0:27:03.30,0:27:09.02,Default,,0000,0000,0000,,doing good translations fairly quickly.\NThese are like solid translations the code Dialogue: 0,0:27:09.02,0:27:14.53,Default,,0000,0000,0000,,examples have been often changed, there's\Ncomments in Korean in there. Like, this is Dialogue: 0,0:27:14.53,0:27:17.90,Default,,0000,0000,0000,,this is a solid effort that we should be\Nunderstanding and I think maybe partially Dialogue: 0,0:27:17.90,0:27:22.09,Default,,0000,0000,0000,,sort of fills this gap of like, what is\Nthis disconnect between this very isolated Dialogue: 0,0:27:22.09,0:27:33.51,Default,,0000,0000,0000,,country and the fact that it has a really\Nstrong computer capability. Cool, to end, Dialogue: 0,0:27:33.51,0:27:38.24,Default,,0000,0000,0000,,I just want to sort of give an anecdote\Nthat maybe goes to the other side of this Dialogue: 0,0:27:38.24,0:27:42.13,Default,,0000,0000,0000,,anthropological value that we get out of\Nthis sort of work. So you've heard about Dialogue: 0,0:27:42.13,0:27:48.04,Default,,0000,0000,0000,,Kwangmyong - this is the internal network\Nor Internet. And so from these educational Dialogue: 0,0:27:48.04,0:27:51.89,Default,,0000,0000,0000,,textbooks you start to get I think more\Ninsight into sort of how this thing has Dialogue: 0,0:27:51.89,0:27:57.73,Default,,0000,0000,0000,,progressed over over time. 
Here's pictures\Nfrom 2001, I apologize for quality, this Dialogue: 0,0:27:57.73,0:28:03.21,Default,,0000,0000,0000,,was what was there of an early version of\NKwangmyong. This is Kwangmyong 5.1 which Dialogue: 0,0:28:03.21,0:28:09.55,Default,,0000,0000,0000,,looks sort of like AOL. It was a dial-up\Napplication that would get you documents Dialogue: 0,0:28:09.55,0:28:15.12,Default,,0000,0000,0000,,and information. You also see at that same\Ntime that there was an email sort of Dialogue: 0,0:28:15.12,0:28:22.18,Default,,0000,0000,0000,,corresponding app called "hey son" - I\Nthink I got that pronunciation not too bad Dialogue: 0,0:28:22.18,0:28:25.12,Default,,0000,0000,0000,,that was used for messaging. We've heard\Nthat there was a messaging system, we Dialogue: 0,0:28:25.12,0:28:30.53,Default,,0000,0000,0000,,didn't really have that connected to sort\Nof where that fit in to the puzzle. A Dialogue: 0,0:28:30.53,0:28:34.57,Default,,0000,0000,0000,,picture that seems to be that same sort of\Ninternal network ended up on the South Dialogue: 0,0:28:34.57,0:28:40.45,Default,,0000,0000,0000,,Korean internet around 2005. It got reused\Nby Anonymous in 2013 when they claimed to Dialogue: 0,0:28:40.45,0:28:46.34,Default,,0000,0000,0000,,attack the Korean government servers, but\Nbut then sort of that that turned out to Dialogue: 0,0:28:46.34,0:28:50.78,Default,,0000,0000,0000,,be false in that it was this original 2005\Npost that someone made. That seems to be a Dialogue: 0,0:28:50.78,0:28:56.45,Default,,0000,0000,0000,,similar system. And even in that 2005 post\Nthey they had sort of also their web Dialogue: 0,0:28:56.45,0:29:00.48,Default,,0000,0000,0000,,component - that's the same logo\Nin the upper left as they moved Dialogue: 0,0:29:00.48,0:29:02.12,Default,,0000,0000,0000,,to sort of a web site\Nthat we've now seen Dialogue: 0,0:29:02.12,0:29:07.11,Default,,0000,0000,0000,,evolved. 
It's worth noting here right\NKwangmyong is a single site - it's a Dialogue: 0,0:29:07.11,0:29:12.33,Default,,0000,0000,0000,,service for generally technical document\Nretrieval. Here's that same site now up to Dialogue: 0,0:29:12.33,0:29:18.74,Default,,0000,0000,0000,,the 2010-era looking a little bit nicer at\Nleast at higher quality in the picture. Dialogue: 0,0:29:18.74,0:29:21.89,Default,,0000,0000,0000,,And so I think what we're starting to do\Nis we're getting these insights through Dialogue: 0,0:29:21.89,0:29:24.76,Default,,0000,0000,0000,,through seeing some of these more\Ndocuments coming out about what this Dialogue: 0,0:29:24.76,0:29:28.84,Default,,0000,0000,0000,,internal ecosystem actually looks like.\NThere are these these services that we can Dialogue: 0,0:29:28.84,0:29:33.74,Default,,0000,0000,0000,,start to link over time, understand what\Nsorts of files are available and the Dialogue: 0,0:29:33.74,0:29:39.10,Default,,0000,0000,0000,,specialties of these different groups, and\Nand preserve some of this internal network Dialogue: 0,0:29:39.10,0:29:44.93,Default,,0000,0000,0000,,that, you know, in this fairly unstable\Nenvironment, we're at in danger of losing. Dialogue: 0,0:29:44.93,0:29:50.10,Default,,0000,0000,0000,,To bring us up to current time, this is\Nfrom 2015 - a sort of blurry picture from Dialogue: 0,0:29:50.10,0:29:55.52,Default,,0000,0000,0000,,a Koryolink office. Koryolink's the the\Nmobile telephony provider and to call out Dialogue: 0,0:29:55.52,0:30:00.76,Default,,0000,0000,0000,,that they now have a same set of services\Non a poster advertising mobile service Dialogue: 0,0:30:00.76,0:30:05.83,Default,,0000,0000,0000,,with internal IPs to them. And so we're\Nseeing now that this is being introduced Dialogue: 0,0:30:05.83,0:30:09.36,Default,,0000,0000,0000,,at a wider availability and advertised to\Npeople on their mobile devices. 
So we're Dialogue: 0,0:30:09.36,0:30:13.70,Default,,0000,0000,0000,,moving beyond just wire desktop\Nconnections but this is now a thing that Dialogue: 0,0:30:13.70,0:30:18.98,Default,,0000,0000,0000,,more people are going to have access to on\Npersonal devices. And so I think you know, Dialogue: 0,0:30:18.98,0:30:25.67,Default,,0000,0000,0000,,internally, we're in this really exciting\Ntransitionary phase. I'm happy that that Dialogue: 0,0:30:25.67,0:30:31.13,Default,,0000,0000,0000,,more of this ends up in the public. So,\Nthere's this site, koreacomputercenter - it Dialogue: 0,0:30:31.13,0:30:36.32,Default,,0000,0000,0000,,should already have some links, more will\Nshow up very soon. If you are interested Dialogue: 0,0:30:36.32,0:30:40.86,Default,,0000,0000,0000,,we encourage you to go grab that stuff try\Nand make it the bar lower. If you have Dialogue: 0,0:30:40.86,0:30:45.19,Default,,0000,0000,0000,,DPRK artifacts, info@\Nkoreacomputercenter.org - we'd love to Dialogue: 0,0:30:45.19,0:30:51.08,Default,,0000,0000,0000,,talk to you, help make stuff safe, and get\Nmore stuff out for public consumption. I Dialogue: 0,0:30:51.08,0:30:57.35,Default,,0000,0000,0000,,think we are about that time - are you\Ncoming kicking us off; so we will take Dialogue: 0,0:30:57.35,0:31:03.31,Default,,0000,0000,0000,,questions across the hall in\Nthe tea room. Thank you. Dialogue: 0,0:31:03.31,0:31:07.73,Default,,0000,0000,0000,,{\i1}Applause{\i0} Dialogue: 0,0:31:07.73,0:31:13.10,Default,,0000,0000,0000,,{\i1}34c3 postroll{\i0} Dialogue: 0,0:31:13.10,0:31:27.94,Default,,0000,0000,0000,,subtitles created by c3subtitles.de\Nin the year 2018. Join, and help us!