North Korea’s Internet is a small—and fragile—space. The repressive nation only has 1,024 IP addresses and around 30 websites that connect to the global Internet. While there is a limited internal intranet, only a few thousand of the country’s 26 million people can get on the Internet. When they do, it’s highly controlled: These select few North Koreans can use the Internet for an hour at a time and have a person sitting next to them approving their use every five minutes.

When Roy discovered the exposed cloud server, it was being updated on a daily basis. Martyn Williams, a senior fellow on the 38 North Project who helped analyze the contents of the server, says the server likely allowed work to be sent to and from North Korean animators. The server itself is still live, but it mysteriously stopped being used at the end of February. While there is a login page, its contents can be accessed without a username and password. “I found the login page after I found all the exposed files,” Roy says.

  • pelespiritOPM
    link
    fedilink
    English
    arrow-up
    4
    ·
    7 months ago

    Williams says it is possible that a front company in China is used to help disguise the activity and involvement of North Koreans. The researchers were able to analyze connections to the exposed server and, despite most having their location masked by a VPN, spotted access from Spain and three Chinese cities. “All three cities are known to have many North Korean–operated businesses and are main centers for North Korea’s IT workers who live overseas,” the report says.