Abstract
New Zealander
“
It showed the typically hyperbolic, nationalist style of news reporting that is behind all of North Korea’s other online news and propaganda outlets. And it shows why independent news coverage on North Korea is so badly needed.
For nearly four years New Zealander Frank Feinstein has been monitoring KCNA through the service KCNA Watch (kcnawatch.nknews.org), part of an independent North Korea-focused news site. Feinstein told Index that although North Korea is still one of the most oppressive states in the world, the internet age means “its mechanisms of control leave a trail behind”. KCNA Watch was established to follow those trails.
A poster for The Interview, a US comedy about an imagined assassination plot against North Korean leader Kim Jong-un, on the streets of New York City. The FBI blamed North Korea for the cyber attack against Hollywood studio Sony Pictures in December 2014
Credit: DDP USA/REX Shutterstock
The service monitors North Korea’s official news for the movements of the country’s rulers, as well as looking at the stories they like and promote. It’s also an open-source archive for stories that were once showing in Pyongyang’s KCNA-dominated news sites, but have now disappeared. It’s needed because KCNA re-edits and deletes stories that it doesn’t like, just as George Orwell’s Ministry of Truth did in his novel 1984. It even tries to stop search engines finding them, using a design that prevents external archiving, successfully frustrating even Google. For example, a reader could take a current news headline or text from KCNA’s site (kcna.kp), put it into Google’s search engine and follow the offered links. But nothing will come up.
Yet sometimes all the North Korean government’s attempts to rub out public information fail. Feinstein’s biggest scoop came in December 2013, following Pyongyang’s swift and public purging of Jang Song Thaek, Kim Jong Un’s uncle and previously one of North Korea’s most powerful men. Jang was executed after being accused of being a traitor.
Hundreds of articles mentioning Jang rapidly disappeared, and the targeted erasing of one man’s history soon escalated into the mass deletion of all 39,000 articles which had appeared before October 2013. It was a wipe-out across North Korea’s online news sites that, to Pyongyang’s annoyance, Feinstein recorded and reported. At the time he told Index on Censorship that it was “the largest ‘management’ of its online archive North Korea has engaged in since it went online”.
But there were consequences for bringing this to the world’s attention. Feinstein believes that Pyongyang took revenge against his archiving and “banned the entirety of New Zealand” from accessing North Korea’s servers. Feinstein has accounts with the four sites that have New Zealand’s largest range of internet protocol addresses. These identify particular computers and routers and their geographical location – information that others can trace and use to block them. When he noticed there was a blockage, Feinstein said: “I tested each individually, then rang my internet service provider to test the maximum ranges they had available for North Korea. All came back banned.” Feinstein, who has a doctorate in computer science, then asked his contacts in New Zealand’s IT field to test their IP ranges, and, along with the main telecommunications firms, they confirmed their ranges were banned. But it was not universal. Frank said contacts in Australia “unanimously confirmed that every Australian address was able to access North Korean sites, but New Zealand IPs were blocked.”
However, there are those who fight back. Feinstein said numerous people have claimed to have hacked North Korea’s intranet (called Kwangmyong), a system designed to monitor individual users across the country.
“Hacking is getting you somewhere that the target system didn’t intend,” he said, adding, it’s often “script kiddies” who hack North Korea when it’s in fashion. As NK News’ chief technical officer, he said: “It would sometimes fall in my position to verify these claims from people outside the ‘professional sphere’. I’d follow these up – not independently – but to ‘prove’ that it can be done.” Hence he is a hacker, but not the destructive kind.
Far from the stereotypical bedroom-locked, Red Bull-fuelled script kiddy, Feinstein is the professional, urbane, 35-year-old director of a data-archiving company, Feinstein Doak, which tracks and archives social media and online publications, mainly of people or institutions in power and authority. He said: “If you’re a public figure in New Zealand and make a silly Facebook post, then delete it, nonetheless it’s probably been permanently archived already by me.”
Feinstein first became interested in censorship and propaganda years ago when he lived in Lithuania; his wife’s Soviet-era school textbooks fascinated him in the way they deleted public figures as they fell out of political favour. He came to learn basic Korean from his older brother, who was living in South Korea, then over years he taught himself to read and write the language, as he became intrigued by North Korea’s own news output. It was when an injury side-lined him from work that he had the time, skills and curiosity to set up KCNA Watch.
And it’s clear that his work has been spotted by the North Korean authorities. “They do view me as a threat,” he told Index, adding that there is “probably someone in North Korea in charge of stopping me, [… but] there’s nothing they can do about it.” He said that technical assistance from China has improved North Korea’s security systems to cover its estimated three servers, 1,300 IP addresses and 550 URLs as of 2014, but “they still can’t beat me”.
His opponents across the keyboards are well-funded and have plenty of resources. According to professor Kim Heung-Kwang, who taught computer science at North Korea’s Hamheung Computer Technology University before defecting in 2004, North Korea has a 6,000-strong corps of cyber-warfare specialists, and regularly targets South Korea’s government and corporate IT infrastructure. Feinstein said: “North Korea is a viable and real cyber security threat to numerous Western countries, but specifically the USA.”
North Korea’s most famous alleged assault was in November 2014 when Sony Pictures Entertainment’s systems suffered a malware shutdown and several terabytes of data were hacked. A group called Guardians of Peace claimed it was behind the attack, but North Korea was put in the frame by the Guardians’ demand that Sony cancel the imminent release of the comedy film The Interview, which notoriously features an assassination plot against Kim Jong-Un. Within weeks the FBI announced it had proof linking North Korea to the hack, saying North Korean IP addresses were associated with the malware, and malicious software was of North Korean origin. These accusations led to more sanctions being applied against the already isolated country. But while Pyongyang condoned the attack, it denied involvement. Several Western IT analysts, including Wired.com’s Kim Zetter, Defcon organiser and CloudFlare researcher Marc Rogers, and Kurt Stammberger from cyber security firm Norse, said the FBI’s case was flimsy.
Still, based on off-the-record evidence, Feinstein is convinced North Korea was involved. Proof is difficult to quantify, he said: “No one is ever going to spill the beans on this. No one can go on record without implicating other individuals that have gained trust.”
It’s worth remembering hackers come in all forms and they work for all sides. Days after the USA accused Pyongyang over Sony, North Korea’s sole connection to the internet was knocked offline, which some blamed on the CIA. The speed with which the USA affirmed North Korea’s guilt supported ideas that the National Security Agency had long been accessing North Korea’s computer networks via secret access points used by South Korean intelligence – and had done so without South Korea’s knowledge.
All sides use news as a weapon. The long-awaited effort to direct BBC World Service broadcasts at North Korea was announced in the UK government’s 2015 national security strategy. Feinstein said: “America and the UK care far more about North Korea than many South Koreans do”, and their media is dominated by publications reflecting their national interest. Nonetheless, even with the Chomskian model of “manufactured consent”, he believes comparisons between the West and totalitarian models are invalid.
The West’s bias and propaganda is “much more sophisticated” than the “blunt” propaganda from both North Korea and South Korea. “South Korea is a straight-out authoritarian state with regards to media. In fact, it’s simply illegal to print anything from North Korea in the South, and that’s why I’m banned there,” he said. Just weeks before the purging of news about Jang Song Thaek in North Korea, South Korea blocked KCNA Watch under the arcane 1948 National Security Act, which prohibits any published material of Pyongyang origin. “You have better access from Tuvalu to North Korea than you do in South Korea,” said Feinstein.
Feinstein has been invited to North Korea – by whom he will not say – but has declined because he worried it could put his brother, who still lives in South Korea, in a difficult situation. Now after four years spent monitoring North Korea, Feinstein has decided to swap technology and hacking, to re-train in medicine. “In my training in medicine, it’d be very easy to diagnose both the North and South as paranoid schizophrenics,” he said. He added that it seemed the overall thirst for propaganda outweighed any substantial demand for real news about North Korea. Hence in part why Feinstein is changing careers as he seeks to start a family. “I utterly do not want to be doing this sort of hacking work when that happens,” he said.
