
Red Star Linux Adds Secret Watermarks To Files

An anonymous reader writes: ERNW security analyst Florian Grunow says that North Korea's Red Star Linux operating system is tracking users by tagging content with unique hidden tags. He particularizes that files including Word documents and JPEG images connected to but not necessarily executed in Red Star will have a tag introduced into their code that includes a number based on hardware serial numbers. Red Star's development team seems to have created some quite interesting custom additions to the Linux kernel and userspace, based on which Grunow has written a technical analysis.
  • by xxxJonBoyxxx ( 565205 ) on Tuesday July 21, 2015 @08:50AM (#50152015)

    >> privacy of potential users (especially from North Korea) may be impacted

    I didn't know privacy was a thing in North Korea.

    • I'm just hoping the NSA doesn't get any ideas.

      It does lead to a question, though - could someone in North Korea (with a sufficient level of ability) remove or obfuscate those, or is the source code even available to the typical user in NoKo?

      • Do you honestly think the dictatorship makes the source code for Red Star Linux available to its people?

        I'm sorry, but what part of dictatorship are you forgetting?

        This is the government approved version. That's all there is.

        • by Archangel Michael ( 180766 ) on Tuesday July 21, 2015 @09:01AM (#50152133) Journal

          Yeah, I can see it now. NSA Linux, "Freedom Edition with Proprietary Patriot Act Protection!"

          And an Obama working with Boehner will get it done.

          • by rockmuelle ( 575982 ) on Tuesday July 21, 2015 @09:23AM (#50152337)

            That already exists. It's called SELinux: https://en.wikipedia.org/wiki/... [wikipedia.org]

            -Chris

            • And yet, there is nothing in selinux remotely similar to redstar.
              • by Varka ( 767489 )
                As far as you know.
                • by perpenso ( 1613749 ) on Tuesday July 21, 2015 @11:06AM (#50153147)

                  As far as you know.

                  Actually we do know, we have the source code, have had it for about 15 years. It's been in the mainline Linux kernel for about 12 years. In case you haven't heard, changes to the kernel get, uh, ... reviewed.

                  • by Varka ( 767489 )
                    This is one of those eternal security arguments; without manually reviewing the code YOURSELF, and compiling the kernel from that manually reviewed code YOURSELF, it's "as far as you know." Maybe you do that, I don't know; I'm just aware that the security of my linux installs relies on a chain of trust, and even if that chain is 100% verifiable from source to binary, there's still no guarantee that there isn't an obfuscated back door or malicious code exploit that was overlooked.
                    • The kernel is heavily viewed, studied, etc. Its changes are reviewed, at multiple levels in a hierarchy. It's probably the one part of Linux where the many eyeballs notion is reality rather than myth.
                    • And yet, regressions and other bugs still get in. I'm a big fan of the many eyeballs theory, but there are limitations to it.
                    • And yet, regressions and other bugs still get in. I'm a big fan of the many eyeballs theory, but there are limitations to it.

                      Yes, but successful exploitation is a very different story. And such attempts are a bit unlikely when the code is publicly coming from the NSA. Anything coming from them will get extra scrutiny by some.

                  • We have had source code for Bash for decades, and it got reviewed multiple times, yet, we got shellshock exploit. Who knows how long it was being exploited before discovery.
        • But... It's GPL... and they're modifying it! And Distributing it!
        • Do you honestly think the dictatorship makes the source code for Red Star Linux available to its people?

          I'm sorry, but what part of dictatorship are you forgetting?

          This is the government approved version. That's all there is.

          So, is this a violation of the GPL? Is NK even bound by the GPL?

          If so, let's see how big the balls of the FSF REALLY are...

        • by KGIII ( 973947 )

          Someone should sue for violating the GPL. It would be damned amusing. I saw this download on a torrent site the other day, they had directions to change to English, I did not bother with it.

      • by Lumpy ( 12016 )

        if details on the tags are revealed, then it will be trivial to write a patch that randomizes the tag making the government furious.

      • by Anonymous Coward

        I'd highly doubt the source is being made available. But yes, if they can implement this, someone with sufficient access can remove it. Many Linux users compile their own builds, as long as the source is available it can be tweaked.

        But why on earth would a repressive regime who created a custom linux distro specifically to track users, make that source code available to anyone?

        I suspect that a good programmer/admin would be able to not only detect this, but block it right in the OS. This is linux, there'

        • Well there you go, kill or replace that binary, or simply remove the call or change its destination, no more tagging.

          You realize that only select few (very few) North Koreans can access the internet. Those are exclusively in the cyberwar wing, so they knew about this anyway or so senior they love the regime because they're helping to rule it. No one else is really going to know about the watermarking.

      • Just how would a normal non-techie know if his version of Linux hasn't had stuff added by, say, the NSA? Unless you're a coder you wouldn't know. How do people know the copy they download from so and so university hasn't been NSAed? Unless you download from the Official servers you can be getting anything right?
    • by Adriax ( 746043 )

      I didn't know there were more than a dozen north koreans who could afford computers.

    • I didn't know privacy was a thing in North Korea.

      Well not everywhere is as willing to give up their privacy as the US.

  • Is www.kernel.org accessible from North Korea? One can then pull the sources and compile a custom kernel omitting their "rtscan" module.
    • Re: (Score:3, Insightful)

      Ken Thompson's C compiler [c2.com] is an interesting read on the subject:
      http://programmers.stackexchan... [stackexchange.com]
      http://www.reddit.com/comments... [reddit.com]
      Basically, it's a compiler with a backdoor that injects its source code when it's compiling itself. Pretty interesting idea for 1984.
    • Re:custom kernel? (Score:5, Insightful)

      by gstoddart ( 321705 ) on Tuesday July 21, 2015 @09:10AM (#50152247) Homepage

      Seriously?

      Most North Koreans don't have access to the internet. Most North Koreans don't know a damned thing about Linux. Most North Koreans don't know a damned thing about kernels or spying modules installed on their computers.

      Do you really think people are going to compile a custom kernel to get around the brutal dictatorship's surveillance and risk their lives for something they probably don't know exists?

      Come on, guys, learn a little about North Korea before suggesting the populace just whips up a custom kernel to work around this.

      Under a third generation pisspot dictator, the overwhelming majority of North Koreans will only know what they've been told. They're poor, starving, and isolated from much of the rest of the world.

      And the suggestion is to go to kernel.org? Pathetic.

      • by PPH ( 736903 )

        Most North Koreans don't have access to the internet.

        This sort of thing is aimed at government employees who might become disaffected and begin working for some western intelligence agency. Your office PC watermarks every document on its way to the thumb drive (or floppy disk). In the event the media is intercepted on its way out of the country, they know whose desk to visit.

    • by Ramze ( 640788 )

      My guess (and I admit, it's pure speculation) is that only a select few who created the OS have access to such sources -- that and perhaps NK sponsored hackers. Everyone else is restricted to the national intranet. Well, everyone else that is lucky enough to even see, much less use a computer in NK. The country has enough trouble providing food, much less electronics for its citizens.

  • by AndyKron ( 937105 ) on Tuesday July 21, 2015 @09:02AM (#50152137)
    Is this any different than our government forcing printer manufacturers to put secret watermarks on pages printed?
    • Yes. People don't use ink-jet printers for child pornography; obviously, they just want to know what computers the child pornography has been bittorrented through.
      • Yes. People don't use ink-jet printers for child pornography; obviously, they just want to know what computers the child pornography has been bittorrented through.

        IIRC, the watermarks (yellow dots) were mandated on COLOR printers as an anti-counterfeiting measure, not (for once) as a "Think of the Children!" anti-child-porn thing. The Feds were worried that color printers were getting good enough that people (other than the gummint) would be able to use them to print bogus money. Of course, anyone who has seen the output of pretty much any consumer-grade color printer knows that this is laughable; but this is the gummint we're talking about.

    • by Anonymous Coward

      Or tracking/spying on every phone call, email and web site they visit?
      Face it, North Korea is poor, but its leaders and the 'free worlds' are all a sham, sure, you can 'vote', but only for those the power structure has approved of. Members of the US congress are vetted by big money, and remember, there's ONLY two parties, errr, make that ONE party
      the Republicratian party.

    • Is this any different than our government forcing printer manufacturers to put secret watermarks on pages printed?

      actually, yes it is! the point of the watermarks made on color printers is to make it easy to track down counterfeiters, specifically those printing USD. fun fact, North Korea loves to counterfeit $100 USD notes.

      • Sorry, but it has the net effect of making every printed document uniquely identifiable.

        Which means whatever pretense they used, they can now use it for anything else they damned well please.

        You can keep believing your government isn't trying to monitor and control everything you do. But you'd be wrong.

        Much like terror laws are being used to piggy back for the rest of law enforcement, despite assurances to the contrary, they can and will abuse any other technology which is made available to them.

        There's re

        • it has the net effect of making every printed document uniquely identifiable.

          wrong. it only applies to color printouts. the jillions of black and white text pages printed out are unaltered.

    • If it is secret, then how do you know about it?
    • Is this any different than our government forcing printer manufacturers to put secret watermarks on pages printed?

      1 It is not "our" government alone, but "all" governments whose currency can be plausibly counterfeited by a color laser printer that demand watermarks.

      The geek living "off the books" needs a $20 bill which is generally trusted.

      2 The laser printer is not an operating system that can tag all files sent and received.

  • Oh the horror (Score:4, Insightful)

    by Blaskowicz ( 634489 ) on Tuesday July 21, 2015 @09:10AM (#50152245)

    Desktop software is really horrible these days. To preserve your freedoms, use Chrome OS or Android and organize your collaborations and activities over Facebook. Capitalist computing is much more trustworthy than that evil communist Linux thing.

    • Desktop software is really horrible these days. To preserve your freedoms, use Chrome OS or Android and organize your collaborations and activities over Facebook. Capitalist computing is much more trustworthy than that evil communist Linux thing.

      See sig.

  • Luckily we are safe :) !\:&%4-n|S.#%'K5:G%M],%"&$ W78]E_EOF

  • Does it make a difference whether the software is doing this or your printer/copier does it? For a long, long time, laser printers and copiers have been doing the same thing to show where the document came from. Isn't this just the paperless version of what we've all been living with for a very long time?

    • Shhhh .... it's not fair to point out how "free" societies try to do the same fucking thing.

      It confuses the plebes who still think their own governments aren't actively trying to become fascists too.

    • I use text format for everything. Pretty hard to add watermarks there without noticing.

      • If you send it to a laser printer or copy it on a copier there are watermarks. Doesn't matter the format used. Unlike the old fashioned typewriters where law enforcement could match the document to the typewriter based on how individual keys hit, in the digital age they had to find some other way. So, every laser printer and copy machine prints a tiny watermark that can trace the document to the machine that produced it.

  • No, it doesn't (Score:5, Interesting)

    by kromozone ( 817261 ) on Tuesday July 21, 2015 @09:23AM (#50152341)

    Before: https://i.imgur.com/oOoWssF.pn... [imgur.com]
    Open in Red Star 3.0: https://i.imgur.com/MiORhD3.jp... [imgur.com]
    After: https://i.imgur.com/uqAvXC6.pn... [imgur.com]

    The above uses an MS Word document created in Office 2011.

    I've tried jpg, docx created in MS Word, docx from LibreOffice, and numerous other random file formats copied onto my thumb drive - the MD5 remains exactly the same in every case.
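
The before/after comparison described in the comment above, as an added example that is not part of the original post: it snapshots every file on a test drive, and for any file whose hash changed it reports the offset and size of the altered byte region. The function names, sample files and the simulated 8-byte change are all constructed for illustration and say nothing about how Red Star itself alters files.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root (relative path) to (SHA-256 hex digest, raw bytes)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()  # fine for small test files; stream for large ones
            manifest[os.path.relpath(full, root)] = (hashlib.sha256(data).hexdigest(), data)
    return manifest

def locate_change(before, after):
    """Return (offset, bytes_removed, bytes_inserted) for the smallest differing region."""
    limit = min(len(before), len(after))
    prefix = 0
    while prefix < limit and before[prefix] == after[prefix]:
        prefix += 1
    suffix = 0
    while (suffix < limit - prefix
           and before[-1 - suffix] == after[-1 - suffix]):
        suffix += 1
    return prefix, len(before) - prefix - suffix, len(after) - prefix - suffix

def compare(before, after):
    """List (path, status, detail) for every file that is new, missing or modified."""
    findings = []
    for path in sorted(set(before) | set(after)):
        if path not in after:
            findings.append((path, "missing", None))
        elif path not in before:
            findings.append((path, "new", None))
        elif before[path][0] != after[path][0]:
            detail = locate_change(before[path][1], after[path][1])
            findings.append((path, "modified", detail))
    return findings

def demo():
    """Constructed run: two sample files, one altered between the two snapshots."""
    samples = {"report.docx": b"PK\x03\x04 sample", "photo.jpg": b"\xff\xd8 sample \xff\xd9"}
    with tempfile.TemporaryDirectory() as drive:
        for name, body in samples.items():
            with open(os.path.join(drive, name), "wb") as fh:
                fh.write(body)
        before = snapshot(drive)
        # Stand-in for "connect the drive to the system under test, then eject".
        with open(os.path.join(drive, "photo.jpg"), "ab") as fh:
            fh.write(b"\x00" * 8)
        return compare(before, snapshot(drive))

if __name__ == "__main__":
    print(demo())
```

An empty result means every file is byte-identical before and after; a `(offset, 0, n)` detail with the offset equal to the original file length means `n` bytes were appended.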

    • Are you viewing the hex on RedSTAR OS as well? They may have "fixed" that problem, though TFA does seem to be claiming to use md5sum on the OS itself, so probably not likely. Also really they don't post any evidence supporting the notion that it is a hardware serial number inserted or anything. Maybe they had flash enabled, tried browsing the web, THEN performed this experiment?
      • I'm viewing the hex on Mac OS X. I formatted a thumb drive, saved a newly created .docx file on it, ejected, connected to a Red Star 3.0 VM, opened the drive on Red Star, ejected and then connected back to OS X. The md5 and hex were exactly the same before and after. When I posted this to a thread on reddit the author came back to claim that the behavior didn't occur with .docx created in MS Word but did occur with .docx created in LibreOffice and with .jpg files. The .docx file I'd used in the first trial

        • And you've verified you have the same kernel modules and binaries running described in TFA?

          Is there a slight chance if the VM can't access the hardware IDs needed to watermark, that it does not apply one? You have an old box you can run Red Star on natively?

    • Did you wait long enough for their "virus scanner" to run? Also, maybe you need to spoof it so it looks like your computer is in Korea.

  • by jeremyp ( 130771 ) on Tuesday July 21, 2015 @09:30AM (#50152383) Homepage Journal

    He particularizes

    I don't know what makes me sadder: that he used that word or that it apparently is a word.

    • Well, all you have to do is come up with an enbiggened disincentivicationism to counterproduce the linguinistical resultifacts that meet your desirenessifity.
    • That was my first reactification, too, but apparently that word has been verbed since at least the 19th century. [reference.com]
    • by glwtta ( 532858 )
      I don't know what makes me sadder: that he used that word or that it apparently is a word.

      I feel sadder for the poor fellow who apparently spontaneously disassociated into a cloud of particles.
  • by Anonymous Coward

    Okay, I know this is North Korea we are talking about, but non-secret watermarks can be useful in some "overlord" situations.

    Back before cell-phone cameras became common, I worked for a company where every photocopier put a visible, human-readable watermark. They also banned cameras without a permit from corporate security. It was never stated outright but I'm sure this was either to deter industrial espionage or to comply with a contractual obligation that they take such steps.

    • by AHuxley ( 892839 )
      The US and UK became very interested in the photocopier aspect when the UK found a photocopier without a counter or security in an area with its security document vaults. An individual had been using it to make all the copies wanted of secure documents and walking out with the clean copies.
      The US and UK then upgraded and further restricted photocopier access policy with counters, educated security staff and by installing cameras in the photocopier units to record what was being copied and by what person.
      V
