This documentary provides a sobering look at how Red Star OS weaponizes file metadata to automate state surveillance. It effectively illustrates the terrifying potential of using system-level watermarking to eliminate digital anonymity.
How Kim Jong Un Used Every Computer To Spy On His Own People
It's a quiet evening in Pyongyang, North Korea. A university student plugs a USB drive into his computer.
On it, a South Korean drama that half his dormitory has been whispering about.
He opens that folder. The video plays perfectly. He watches an episode, copies the file to share with his girlfriend, and goes to bed.
3 weeks later, security forces knock on his door. They seize his computer and take him for questioning.
They don't need a confession.
They have something better.
A complete cryptographic record of everyone who has ever touched that video file. His computer ID, his girlfriend's ID, his friend's ID.
Even the smuggler at the Chinese border, someone he's never met.
The USB drive has become a confession.
But the weapon that made this possible isn't what you'd expect. It's not a surveillance camera. It's not a wiretap. It's not even a spy hiding in the walls.
For years, Western experts dismissed North Korea as a technological joke. A nation running on pirated Windows and obsolete hardware.
But in December 2015, two German security researchers stood before one of the world's largest hacker conferences and revealed something that shattered that assumption. They had obtained leaked software from inside the hermit kingdom.
And what they found wasn't a crude imitation. It was a weapon.
Code so sophisticated that it turned every computer in the country into an informant for the state. But how?
How does a file remember everyone who's touched it?
How does a regime with limited resources track millions of people's digital lives?
And how did two researchers in Germany expose a surveillance system that nobody knew existed?
In early 2015, something unexpected appeared on a Russian torrent site. A complete copy of North Korea's indigenous operating system had leaked.
Someone finally brought a copy past the border.
Security researchers Florian Grunow and Niklaus Schiess downloaded it immediately.
The first boot was surreal. The interface was stunning, a near-perfect replica of Apple's Mac OS X, complete with sleek dock and polished icons.
For a regime that regularly condemned Western imperialism, the aesthetic choice was striking.
But they weren't interested in how it looked. They wanted to know what was running underneath.
They began a forensic audit, a deep technical autopsy of every piece of code.
They decompiled binaries, which means reverse engineering the software to read its hidden instructions.
They analyzed network traffic, traced background processes that users would never see, and examined every corner of the system.
What they found beneath the surface was so disturbing that it became one of the most anticipated sessions at the 32nd Chaos Communication Congress in Hamburg.
In front of thousands of the world's elite hackers, they were about to expose the wet dream of a surveillance state.
By December 2015, standing before a packed auditorium, they were ready to reveal their findings. But first, they needed the audience to understand the problem this system was designed to solve.
Actually, you kind of want to know how do they build their operating system?
Like it's it's a surveillance mess, I would say, a privacy nightmare.
North Korea has its own internet called Kwangmyong, a domestic internet completely isolated from the global web.
Citizens cannot access Google, YouTube, or any foreign site. The regime built digital walls.
But there was a problem they hadn't anticipated, USB drives.
In the early 2000s, cheap portable storage began flooding across the border from China.
On those drives, South Korean dramas, K-pop, foreign news, documentaries about life outside North Korea.
An underground distribution network emerged with a peculiar name, the sneakernet. Data traveling via someone's sneakers, physically carried person to person rather than transmitted online.
A USB stick might cross the Yalu River from China, get sold in a border town black market, then travel hand to hand to Pyongyang.
One drive could expose hundreds to outside information.
For a regime entirely dependent on controlling information, this was existential.
The ideology of Juche, self-reliance, extended to the information space.
Citizens were supposed to receive their worldview exclusively from state sources.
But when security forces, specifically a task force called Group 109, raided homes and seized USB drives, they faced a critical problem.
They could catch whoever was holding it, but they had no way of knowing where it came from. Who was the original smuggler? Who else had watched these files? What was the distribution network? A physical file has no history.
It's anonymous by design until the regime found a way to change that.
The system was called Red Star OS, developed by the Korea Computer Center, the regime's premier IT research institute in Pyongyang. It was officially pitched as achieving software sovereignty, independence from foreign operating systems that might contain American backdoors.
But Grunow and Schiess discovered the truth was far more sinister.
The most chilling feature they uncovered was a system called OPPRC, a watermarking mechanism that operated completely invisibly to track every file that touched a North Korean computer.
Here's how it works.
Every computer has a hard drive serial number, like a fingerprint for your machine.
Red Star OS reads this number and creates an encrypted tracking tag unique to that computer.
When you plug a USB drive into your computer and open a folder, Red Star OS silently scans every media file.
For each file, it creates a small encrypted payload containing your computer's unique ID and hides it inside the file itself.
Which then opens the office and we close it again and just close this.
Back and then hopefully if we mount this again then you can see it has been changed. So we didn't change anything in the file.
It was just the operating system who's changing files.
These files look completely normal. The video plays flawlessly.
You'd never notice anything wrong.
But here's the horrifying part. It creates a chain.
When user A plugs in a USB drive, the Red Star OS automatically embeds user A's ID into the video file.
User A gives the USB to user B.
When user B opens it, the system detects user A's watermark and appends user B's ID next to it.
User B shares it with user C, another ID appended.
User C shares with two more people.
More IDs added.
By the time security forces raid someone's home, that video file contains a complete log of every computer it has touched.
The authorities decrypt these watermarks using built-in tools.
Suddenly they have a complete map, the smuggler, everyone who watched it, and the social connections between them based on watermark order.
You'll be tried not by testimony, but by the file itself.
Even if you delete it, every copy on other devices still contains evidence of your involvement.
Red Star OS assumes every user is an enemy trying to disable surveillance.
At the core is a kernel module called RTScan.
The kernel is the operating system's foundation, the layer that controls everything.
In normal systems, administrators can control virtually anything.
Red Star OS breaks this rule.
The RTScan module loads at startup and cannot be unloaded.
It acts as the regime's invisible shield, hiding surveillance daemons from the user and protecting critical system files from any modification.
Open task manager and you'll see your applications, word processor, browser, music player, but you won't see the agents working in the shadows. The kernel filters them out.
Invisible to the eye, OPPRC silently brands your files with watermarks, while its partner, SCNPRC, hunts for forbidden content. To do this, SCNPRC relies on a hidden database called Enge, meaning fog.
This isn't a list of computer viruses, it's a hit list for ideological viruses.
It contains the digital signatures of South Korean dramas, Bibles, and prohibited keywords, allowing the system to flag anything the state deems subversive.
Flag the data checking documents and if those documents match those patterns, for example, governments don't want these files to be distributed within the intranet of North Korea, then it just deletes those files.
The most extreme measure, if you tamper with surveillance programs, a watchdog called SecurityD detects it instantly using checksums, digital fingerprints that detect changes. The response is brutal, immediate reboot.
Most times an infinite reboot loop, continuously restarting without loading the desktop.
Your computer becomes a brick, all files inaccessible until you reinstall everything, wiping all data.
Once KDM is saying reboot the system, it's going to check it again if it's rebooted and sees like it's still tampered with and it's rebooting again and again and again and then your system is basically dead.
The surveillance extends beyond desktops. North Korean smartphones like Arirang or Ullim tablet run modified Android with similar features. The most disturbing, random screenshots of everything you do stored in a hidden folder you cannot delete or access. A pre-installed app called Trace Viewer lets anyone, especially inspectors, browse this visual history.
You know your phone records everything.
You know security forces can see it all during random checks. You cannot erase it.
When Grunow and Schiess finished their presentation in December 2015, they were careful in their framing.
They weren't exposing state secrets. They were exposing a digital weapon used to oppress ordinary people.
So, it is a well-known fact that this operating system is actually abusing free software, make free speech harder in a country that is quite oppressed.
The reaction was immediate.
Major news outlets around the world covered the findings.
The technical details spread through security communities and reached information activists working to get foreign media into North Korea.
These activists began spreading warnings about the watermarking system through the same smuggling networks the regime was trying to control.
Word filtered back into North Korea.
Your computer is tagging the files. Every file carries a record.
People adapted.
Defector testimonies reveal that North Koreans develop strategies to protect themselves.
Some kept two computers, a clean one for official inspections and a hidden one for foreign media.
But the regime was relentless in pushing adoption of the indigenous system. In 2020, North Korea formalized the crackdown with the Reactionary Ideology and Culture Rejection Law.
Penalties became severe, up to 15 years in a labor camp for watching South Korean media.
For distribution, life imprisonment or execution.
Group 109 intensified their raids armed with the forensic tools built into Red Star OS.
When they seize a device, they can extract the watermark chains within minutes. No interrogation needed.
The metadata tells the whole story. North Korea responded to the exposure by continuing development. A new version appeared around 2019, likely with enhanced encryption, updated surveillance features, and new defenses against tampering.
The encryption keys for the watermarking were almost certainly rotated. The obfuscation techniques improved. What the researchers revealed was profound.
Red Star OS is a blueprint for digital authoritarianism.
It demonstrates how open-source software, created with ideals of freedom and transparency, can be weaponized for oppression.
The system solves three critical problems for an authoritarian state.
Attribution, tracking who created and shared forbidden information through watermark chains.
Scale, automating censorship that would require armies of human monitors.
Tamper resistance, making it nearly impossible to disable surveillance without destroying your own data.
The student from our opening story isn't just a hypothetical. The system built by the Korea Computer Center has fundamentally changed how citizens can interact with the outside world. As researchers Grunow and Schiess demonstrated, Red Star OS proves that in the information age, the operating system is the new border.
Physical walls can be climbed and physical checkpoints can be bypassed, but by controlling the code, the state creates an invisible mechanism of enforcement. The system operates precisely as a digital weapon.
It tracks the movement of files, logs the history of data sharing, and allows specialized enforcement units like Group 109 to extract rapid forensics without ever needing a confession.
This surveillance isn't a guard tower or a wiretap. It is a silent daemon running in the background.
The video plays perfectly and the image looks normal, but beneath the surface the machine logs a permanent record.
For users of Red Star OS, a few thousand lines of code turn the computer itself into the ultimate state informant.
Thanks for watching. If you learned something new, drop a like and subscribe for more. See you next time.