The company issued an updated analysis of a study on North Korean Internet use by former NSA analyst Priscilla Moriuchi on Thursday Australian time, following up on a study issued in July last year. Moriuchi now works for Recorded Future as part of its Insikt Group.
Last year's study had found that "North Korea’s ruling elite were plugged into contemporary Internet society, were technologically savvy, and had patterns of internet use that were very similar to users in the West".
That appears to have changed in the period between December 2017 and March 2018, with Moriuchi writing, "North Korean leadership nearly totally abandoned Western social media and significantly increased their operational security procedures in the six months since our original analysis". The use of Western social media sites has been officially banned in North Korea since April 2016.
Recorded Future found that Internet use was still limited to a small group in Pyongyang, these being the most senior leaders and ruling elite.
But the country has an internal network called Kwangmyong which connects libraries, universities, and government departments and is slowly making its way into homes of better-off citizens. It houses a number of domestic websites, an online learning system, and email.
"What is most striking about the social media activity from the December 2017 through March 2018 dataset is the near absence of Facebook and Instagram activity, and the significant increase in use of Chinese services," the study noted.
Access to the Internet is through three methods:
Via their allocated .kp range, 188.8.131.52/22 (Intel Card), which also hosts the nation’s only Internet-accessible websites. These include nine top-level domains such as co.kp, gov.kp, and edu.kp, and approximately 25 subdomains for various North Korean state-run media, travel, and education-related sites.
Via a range assigned by China Netcom, 184.108.40.206/24.
Through an assigned range, 220.127.116.11/24, provided by a Russian satellite company, which resolves to SatGate in Lebanon.
Other interesting aspects found during analysis of the date are:
Over the course of six months, North Korean elite increased their use of Internet obfuscation services by 1200%. This includes a dramatic increase in services such as VPNs, Virtual Private Servers, Transport Layer Security, and The Onion Router.
Two more countries, Thailand and Bangladesh, showed North Koreans were likely living there and conducting illicit revenue-generation activities. This is in addition to eight nations discovered in 2017, including India, Malaysia, New Zealand, Nepal, Kenya, Mozambique, Indonesia and China. Activity in Malaysia and New Zealand decreased since the July 2017 study.
There was no noticeable increase in mining cryptocurrencies compared to the first study. However, the new data found that in addition to bitcoin, the North Koreans had also started mining monero.
The study found that the following online games were used by the North Korean elite:
- 0AD: Empires Ascendant;
- Ace of Spades;
- The Marathon trilogy games;
- Armed Assault 1-3;
- World of Warcraft;
- Cube 2: Sauerbraten;
- Diablo 2;
- League of Legends;
- Second Life; and
- Accounts and games on Steam.
It said: "(This) could give researchers leads on which games overseas North Korean hackers are exploiting to generate revenue for the regime. It is not clear how much of this type of revenue generation is conducted from territorial North Korea.
"However, it is clear that overseas operators would often develop bots or gaming hacks for platforms and services which with they were already familiar."