Messing Around With Naenara, North Korea’s Web Browser

Naenara

[Robert] has been snooping around Naenara in order to learn more about how North Korea’s intranet might work. Naenara is the web browser that comes bundled with North Korea’s official Linux-based operating system known as Red Star OS. [Robert] once saw a screenshot of the browser and found it interesting that the browser seemed to automatically load a non-routable IP address immediately upon start-up. This made him curious about what other oddities one might uncover from the software.

Upon start-up, the browser tries to load a page located at IP address 10.76.1.11, which is a reserved IP address for private use. This indicated that North Korea’s “Internet” is actually more of in intranet. [Robert] suspects that the entire country may be running in private address space, similar to how your home or business likely runs.

[Robert’s] next thoughts were that the browser looks like a very old version of Mozilla Firefox, but with some default configuration changes. For one, all crashes are automatically transmitted to “the mothership”, as [Robert] calls it. He suspects this is to fix not only bugs, but also to find and repair any security vulnerabilities that may allow users more control.

There are some other interesting changes as well, such as the supported security certificates. The Naenara browser only accepts certificates issued by the DPRK, which would make it very easy for them to snoop on encrypted HTTPS traffic. there is also evidence suggesting that all traffic for the entire country is routed through a single government controlled proxy server.

None of these findings are all that surprising, but it’s still interesting to see what kind of information can be gleamed from poking around the browser and operating system. [Robert] has found more than just these few findings. You can check out the rest of his findings on his blog.

[via Reddit]

34 thoughts on “Messing Around With Naenara, North Korea’s Web Browser

  1. Yeah,

    And at the rate we’re goin’ here in the States if the NSA has their way, we too, will be living under our own draconian system and with our government’s blessings. If the FCC is allowed to vote the Internet into a tiered service level, then we’ll all be screwed.

      1. @ Cubby: What Fennec said. Folks in the US actually have resources like friendly countries to VPN and there is always AOL. I still have some discs with about 4 years of free trial time.

        Also, HaD, it is “gleaned” not gleamed like Gleaming the Cube http://www.imdb.com/title/tt0097438/ (for the youngstas) Shifts onion-shaped Kryptonics sticker on belt ;)

  2. @cyk: So, you’re saying that all North Korean citizens are employed by the, North Korean, government? — that might be possible over there.
    But does that work in the US: Are all US citizens government employees?
    Can you compare the free-use of the Internet, to the Internet you get from corporate control?

    1. Corporate controls (company intranet) is to protect their own servers and maintain privacy (company secrets). I’m pretty sure most companies are not looking out for the employee and what they wish to view. They know the employees can browse the internet on their smartphones. Other than personal browsing on company time, they don’t really care what you view online with your smartphone.

      1. You would be wrong. Many companies have filters which prevent employees from visiting blacklisted sites, eg, reddit.com (time waster), or pornographic sites (office decorum, fear of lawsuits). Sure, you can visit those sites in your cell phone while at work, but the company has no legal liability for not preventing it.

        1. How about working at a place where you can’t even surf the net for any reason. I was working security for I.N.G. and my supervisor kept telling me to stay off the computer for other than official reasons (hackaday keep getting blacklisted every time I found a new proxy). Apparently, I might miss something will surfing the internet since I’m supposed to be looking at the monitors. What they didn’t understand was that I was perfectly able to catch anything that came up. Warning emails would flash on the task bar, peripheral vision catches any off movement on the camera monitors and every hour or so, I’m standing for a few minute walking unless I’m doing my security tour (check every point physically to ensure all is quiet). But hey, at least I could be bored out of my mind, by myself, in the middle of the night and have to the time to think of ways to knock my supervisor out with a fish sammich.

          All told, it didn’t matter if it was your computer or not, no surfing was the rule. The I.N.G. people was pretty good to work with. The security contractor I worked for was a bunch of dicks though.

          1. You may think so but it’s proven that humans have limited attention and ability to multi-task. Yes you’ll catch the alarm eventually and your peripheral vision may work but that is a very big may and in every study the delay increases. Even some simple things can be missed when people are paying attention which is why the current trend for interface design is a low contrast grey on grey interface. This allows alarms or warnings to be annunciated in multiple ways, audible, visual brightness, and colour.

            Of course this compares your lack of attention to perfect attention at what you’re doing. No one has perfect attention. No doubt surfing the net would in the real world be no different to whatever else your mind does when it’s bored. Did you end up substituting the internet with magazines, music, or daydreaming?

          2. @Garbz The answer to your last question is yes.

            As for what came before it, you’re right, no one has perfect attention on anything. However, if the screen you’re using to surf the net also is the screen that has the flashing bars (a la windoze lay z), it shouldn’t be too hard to not miss an incoming email warning while surfing. As for the monitors, it’s nighttime when I’m on shift. If anything is moving, it’s going to catch my attention because nothing is suppose to be moving on the monitors anyway.

          3. Actually being bored to death can be more detrimental to performance in these kinds of situations (monotonous tasks) than lightly multitasking. I am referring to a study made with drone pilots where the ones that were not allowed to multitask actually had performed worse than the others who could. Unfortunately I could not find a reference for that study. Does anyone out there knows what I am talking about, and can post a link?

    2. All North Koreans are employed by the government. It is right in their propaganda videos, and they are proud of it. You aren’t allowed to own your own business there, and everything is provided by the State. Those that are lucky enough not to be in a labor camp get to work in a closed society for the DPRK. Check out some of the VICE documentaries where they secretly video their visits to the country.

        1. Wow really? You not getting of your ass and doing work for yourself isn’t even a thought to you? You have to be provided a job like a damn kid, and if you don’t you give up, get a life, jeeezzz

          1. +100 – Get with the program boys, or the NSA will come knocking on your door. Now back to work for Big Corp the lot of you, before I revoke your Facebook rights and confiscate your ihazcheezeburger links.

          2. If you don’t like it , you go somewhere else. Or start you own company. You have more options. You can even purchase stock, instead of more beer. Or you just party away and then complain about the man holding you back.

            The company I work for is an ESOP. (100% employee owned). So my efforts do benefit me, both through raises and stock value. Though I will admit, it is still an imperfect system.

          3. Face palm…. People these days are so uneducated, just re-educated….Corporatism is NOT Capitalism, its is socialism, ruled under a plutocracy.. Learn it people

        1. No, that’s how monarchy works, totalitarian governments work, and pretty much every mass murdering state in history. Real Communism is a fake as a unicorn. People desire power, there is no other laws, other than the person that can write them, makes for everyone else but themselves.

  3. I wish people actually bothered to read political theory and the related history. Communism is stateless, in fact the anarchists and communists split off from the same organization due to a disagreement on methods.

Leave a Reply to CubbyCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.