
A Closer Look at North Korea’s Ullim Tablet - philngo
http://38north.org/2017/03/mwilliams030317/
======
leggomylibro
This is a terrifying manifestation of what technology makes trivially
possible. This device:

* Logs every app and web page that you open.

* Keeps forensics on shared files based on hashes, to track networks of like-minded dissidents or individuals sharing similar files.

* Refuses to open any _files_ which are not signed by either the government, or the device which created the file. (e.g. photos can be viewed only on the device that took them, while government-approved files can be shared freely.)

Among other things. Yikes.

~~~
fluxem
So, basically Android? Except, you don't get shot in the back. With Android,
it automatically syncs Contacts and photos to the "Cloud", unless you disable
it. But, you cannot do it 100%, because it's turn on by default when you first
sign in. Also, it's not a secret that Google logs your locations history.

~~~
ioulian
I don't fully understand that this comment is downvoted. He has a point there.
We are all being tracked, just see your history [1] on the google website.

It tracks the websites you've visited, the video's you've watched, music I've
played, things I've searched, App's I've used (Camera for example), directions
I've searched (google maps), ads I've seen, cards in my feed (google now), my
location history (actually very cool and very scary)... There are probably a
LOT more metadata they have on me that I don't know

I mean, they have a LOT of my data, they know probably more about me that I
know about myself.

Of course we aren't blocked for using any apps or viewing files, but they know
that we are using and viewing the apps/files. I think it's in their best
interests not to block anything, as this way they get a lot of information
they otherwise would not get.

You can compare the "my activity" with "Trace Viewer". It's just a matter of
perspective. Don't get me wrong, I don't approve the NK way of blocking
everything, but the tracking of the data happens in the West already too and
we just "accept" it.

[1]
[https://myactivity.google.com/myactivity](https://myactivity.google.com/myactivity)

~~~
tokenizerrr
Keep in mind that you're comparing an oppressive regime with... android. The
open source phone operating system. And you think this is a sensible
comparison?

~~~
quirkafleeg
He's comparing this device's tracking with Google's tracking. Why are you
pretending you don't realise that?

~~~
tokenizerrr
There is a difference between opt in and getting yourself and your immediate
family killed in the process of opting out. You can also install custom ROMs,
or just use android without the google apps and not worry about any of this.
You can do this in like an hour. If you're stuck in North Korea, there is
damned little you can do other than get shot for sending a text message about
it (if that is even possible). Which is what we should be discussing here.

~~~
quirkafleeg
So instead of a potentially interesting thread about this device, what it
(supposedly) does, how it compares to tech or practices here, we should have
another all-been-said-before-1000-times discussion re-stating the boringly
obvious about how grim life is in NK?

~~~
tokenizerrr
This comment thread isn't about any kind of NK tech. It's another all-been-
said-before-1000-times discussion re-stating the boringly obvious about how
Google is evil.

------
Paul_S
Funny thing capitalism, I have a more robust version of this on my work PC
(seriously, makes this look amateurish). Except of course I have the "choice"
to not accept it and go work for someone else.

~~~
d0lph
You highlight choice like you're being sarcastic, but is there anything that
stops you from looking for a job? If it's a big deal to you you'll make it a
priority, if it's not a big deal to you you'll stay where you are.

~~~
Paul_S
Why do poor people accept the mistreatment by their employers?

Why do you complain about the company dumping waste in your backyard - just
move to a nicer neighbourhood.

------
bdcravens
Reading this the engineer in me was impressed at their thoroughness. I believe
it's easy to fall into a trap of thinking of the North Korean government as
grossly incompetent, and this isn't necessarily true. If these assumptions
extend to Western leaders, it could one day have a disastrous result.

~~~
abalashov
I do wonder where they source the talent and expertise with these platforms
necessary to pull something like this off. I understand that's kind of a naive
question—any functional state has sufficient resources to solve such problems
for itself—but one does wonder. I can only assume there was extensive Chinese
help. They definitely have the critical mass of engineering ecosystem for that
sort of endeavour.

~~~
lucaspiller
If you think about, the NSA, GCHQ, etc probably run similar software on their
own devices to monitor employees and be able to trace back where any leaks
came from. I wouldn't be surprised if there is a commercial company that sells
this type of software.

~~~
cyphar
> I wouldn't be surprised if there is a commercial company that sells this
> type of software.

BlueCoat. They're called BlueCoat. As an aside, a subdivision of Intel
actually runs the internet filters for some middle eastern country (due to
some chain of acquisitions). Isn't that great.

~~~
willstrafach
BlueCoat is used in private industry for security / DLP, certainly, but IC
agencies have their own comprehensive systems in place to ensure sensitive
data access is highly controlled and audited.

------
Cieplak
Random fact that I learned recently, 20% of the North Korean population was
killed during the Korean War (1950-1953). Mostly with Napalm. :(

~~~
IslaDeEncanta
The US dropped more bombs on North Korea than we dropped on all of Europe and
Japan during WWII. Proxy wars between superpowers never work out well for the
actual people affected, and we should not be so forgetful of that.

~~~
friedman23
It worked out well for the South Koreans

~~~
devoply
It was no treat for anyone involved:

Number of Americans killed in the Korean War: 36,000

Number of Americans wounded in the Korean War: 105,000

Number of South Koreans killed in the Korean War: 415,000

Number of South Koreans wounded in the Korean War: 429,000

Estimated number of Chinese and North Koreans killed in the Korean War:
1,500,00013

I would like to hear more from historians as to what would have happened had
the war never occurred. My guess is a united Korea would be in line as a
periphery of China with their level of technology... with Kim Il Sung and his
family long gone and irrelevant.

I would also like to add that Americans know nothing of modern war never
actually having had to live through it or having to deal with its consequences
on their livelihoods, economy, or psychology. War for Americans is stuff that
happens to other people... where they send oblivious young men to fight who
are usually forgotten as soon as they are sent off to protect "freedom".

~~~
dmos62
In a recent talk by Chomsky, he described US Air Force literature or rather
documentation of the Korean conflict. Apparently the bombing was so thorough,
they ran out of targets in North Korea. Not only military, but infrastructure
and cities as well, as I recall. One of the impressive things about post '53
North Korea is that they did a complete rebuild.

~~~
dingaling
There was a lot of pressure from the operations level to expand bombing into
China, which tactically made a lot of sense; NK and Chinese MiGs retreated
across the Yalu River each night and there were plenty of worthwhile targets
such as supply dumps and routes.

However the JCS denied all such requests and remarkably there were only two or
three violations during the entire war, such as the August 1950 strafing-
attack on Antung airfield. The USA offered compensation afterwards despite
that being the home of over 100 MiG-15s engaged in the war.

~~~
devoply
Imagine what the world would be like today had they bombed the shit out of
China. No way in hell you repair a relationship like that.

------
mikeevans
Here's a link to the talk from 33c3 -
[https://www.youtube.com/watch?v=fAtWwadP6CY](https://www.youtube.com/watch?v=fAtWwadP6CY)

------
raulk
The North Korean developers who worked on this must be privileged beings with
access to the open Internet. I can't imagine developing such a complex system
without documentation and references.

Maybe they even hang out in Stack Overflow...

~~~
SXX
There is good chance it's actually developed by developers seating somewhere
in Bay Area working for some VC-funded company with inconspicuous name.

After all there is a lot of commercial surveillance software that sold to
authoritarian regimes. Of course that doesn't mean someone work directly with
NK.

~~~
icelancer
Exactly. This was almost certainly made by a Western country under NDA.

~~~
hutzlibu
I doubt it. They would be too scared of implemented backdoors. They might
outsource some parts, maybe to china or india, but they will likely assembly
it in NK - to have full control over it.

~~~
sleepingeights
They're likely a test-bed for a prototype surveillance system already being
developed and/or deployed by the Silicon Valley of the West for Western
regimes and dictatorships.

edit: Even simple surveillance features like file tagging are already deployed
within the US, and is how the FBI claims to track stolen documents to Chinese
hackers. Although, the system the FBI uses to track document content
traversing the internet is likely quite a bit more sophisticated. The
prototype system can even be a rootkit spying system used by corporations to
spy on their employees and/or their consumers and customers.

The chain of sales is almost certainly from Silicon Valley, to a Chinese
front, to North Korea or [ SV and China ] to North Korea. SV, US, and China
work closely together in regards to surveillance, the only real difference is
their rhetoric and how they sell it to their citizens.

------
Graphon1
ok , so DPRK is installing spyware on tablets that are sold in DPRK.

Reading this article, it occurs to me that it's not very different than the
surveillance that the NSA is performing on US Citizens, except the NSA is
smarter about it and taps the network access, at the network provider.

~~~
bschwindHN
Are you joking? We couldn't even have this conversation on North Korean
devices. As bad as the NSA might be, this is on a completely different level.

~~~
fit2rule
Its only a different level because of the amount of control the NSA has over
the technological infrastructure, and the degree of force that can be brought
to bear - through multiple independent factions of the US military-industrial
infrastructure - upon those whom the establishment deem, through surveillance,
to be un-savoury.

You probably haven't been paying attention, but the US Gov't make dissidents
disappear all the time. They just do it with a velvet glove on, whereas we're
more accustomed to complaining about/being distracted by the heavier hand
represented by the propaganda against North Korea.

The US gov't is not as innocent as you might think when it comes to handling
dissidents. Its just very, very good at maintaining the facade that its all
done 'for the greater good of the people of the United States and its
possessors'. The USA is, after all, a PR-first nation.

~~~
briandear
Are we really comparing the DPRK with the US? This thread has jumped the
shark. Anyone in the US could be a dissident -- it's called the first
amendment. Unless you are from the People's Republic of Fantasia, there's a
good chance your country isn't a shining example of freedom either. But, it
seems that the fashion on HN is to complain about the US at every opportunity
-- even within an article about North Korea.

This could be a story about Hilter and people would find a way to engage in
moral relativism.

~~~
PerfectDlite
> fashion on HN is to complain about the US at every opportunity -- even
> within an article about North Korea

See "Whataboutism"

------
mangecoeur
Weirdly, I actually liked the part where you could browse through the data the
device tracked. I wish I could do this on normal Android, because I know I am
being tracked by Google and other apps but I have no way of knowing what they
actually recorded.

------
jorblumesea
Definitely puts a dent in the distributable flash drive plan that many
activists have been working on implementing. Unless some kind of self signing
flaw is discovered and exploited seems unlikely subversive media will be as
widely distributed.

------
thriftwy
The business would love to lock down their employees' devices (especially
handheld and embedded) like this.

They should just come with this system to open market, make a company that is
worth billions from the start, because every BigCo would love to buy.

~~~
sametmax
It would be illegal in many countries. E.G: france law consider that an
employer can't watch private documents even when opened by an employee, during
working hours, using the company equipment.

~~~
thriftwy
But this way, employee can't even open private documents! Which makes
transgression impossible. Any document that can be opened is a company
document, which can be watched.

~~~
sametmax
It would mean that any document sent by a client or a peer would need pre-
approval which would make you very, very improductive. In NK, you can get away
with it because you have basically no competition. In our countries, the
company doing so, unless everybody is doing the same (or only if
secrecy/security is part of the value of it's business) would make it
completly uncompetitive.

~~~
thriftwy
But it isn't for white collar. It's for workers operating tablets and embedded
touchscreens as parts of machinery.

They have all kinds of embedded Windows and Linux there, but they have more
holes than Swiss cheese.

For white-collar workers you can integrate this with e-mail and workflow
solutions, needs additional work but will make that company worth $10B.

------
dazhbog
Maybe they just pointed the tablet to the government's servers instead of
Google's. The rest comes out of the box..

~~~
mrtimo
Hey dazhbog, coming to Shenzhen soon May 21-23rd -- looking to connect. can
you reach out to me? nameistim@gmail.com thanks

------
tyingq
There's a positive project for the CIA/NSA. Flood the North Korean market with
smuggled privacy protected versions of the same model of tablet that work on
the DPRK network. And maybe a worm that fixes the other tablets.

------
panzer_wyrm
Credit where credit is due - they have turned android into ios. They have
locked bootloader, kernel patch protection and static and dynamic code
signing.

------
linkmotif
The one good, albeit tragic, thing about the existence of North Korea is that
it serves as a constant reminder of what society can become if we're not
vigilant about educating each generation about the dangers of certain
ideologies and modes of social organization.

~~~
IslaDeEncanta
The government of North Korea is one of the two puppet dictatorships
established in the Korean peninsula after World War II. It was the will of the
Korean people to establish a socialist democracy, not a Juche dictatorship,
but in 1946 the USSR and USA decided that what the Korean people wanted was
the least important concern. The point is that it wasn't the ideology of the
Korean people that mattered, it was the clash of 2 imperialists and its
result.

~~~
Houshalter
Dictators have come to power through many methods through history. Being given
power by an outside force is only one possible route to totalitarianism. Many
dictators start out popular and sometimes even democratically elected.

The scariest thing about modern dictatorships is they may never go away once
established. As surveillance technology improves, perfect ideological control
becomes possible. As drones and robots replace human soldiers, uprisings
become much less practical. Nuclear weapons eliminate the threat of foreign
invasion. Eventually anti-aging will prevent the dictators from even dying.

That was always the scariest part of 1984 for me. Not that the world was a
dystopia, but that it was _completely stable_. The state could continue on for
thousands of years. Or at least until they ran out of natural resources.

------
vldr
They could start selling these to Turkey... ;)

------
mycall
xda-developers need to root this device.

------
ensiferum
NSA is working relentless trying to figure out how to get one of these in the
western market ;-)

------
grindal
The same in Europe today.

Smartphones are so bad.

Tricks or truth, reality or fiction. What make your phone?

------
pjdorrell
In North Korea, browser history deletes you!

~~~
briandear
I think today you won the internet.

------
djloche
Total war against the whole Japanese Empire was completely morally justified
in the same way that total war against Nazi Germany was.

~~~
megapatch
You can never morally justify war against civilians, sorry.

~~~
fit2rule
Civilians are responsible for their governments. Alas, this is a hard truth
that many civilians do not wish to be reminded about.

~~~
quirkafleeg
>> You can never morally justify war against civilians, sorry.

> Civilians are responsible for their governments.

So the attack on the WTC was justified in your opinion?

~~~
fit2rule
If you wage war on foreign nations, and allow your government to do so, then
you shouldn't be so surprised when it comes back to roost. No, the WTC attacks
were not justified. But they were definitely to be expected, given the carnage
around the world that the USA has been propagating now, for 80 years. When
your nation maintains its moral authority to indiscriminately wage war around
the world, you should not be surprised when that war comes to your footstep.

------
ezequiel-garzon
I prefer the version "not all that glitters is gold", otherwise it sounds like
gold, which glitters, is not gold. Interestingly in Spanish both versions are
also popular.

~~~
AdmiralAsshat
The word order "All that gli[t]ters is not gold" is taken from Shakespeare (
_The Merchant of Venice_ ), so that gives it quite a bit of staying power in
English.

~~~
laurieg
Although in the originl he used the word "glister".

~~~
AdmiralAsshat
Hence why I put the bracket around the first 't'.

