Whoops, North Korean Facebook Password Was “Password”

North Korea isn’t exactly known for its tech savvy, but the hermit kingdom’s latest technological blunder will have even the most casual internet users facepalming. In late May, someone in North Korea launched what appeared to be a social networking site almost identical to Facebook. It came complete with a news feed, internal messaging service, like buttons, and even spaces for advertisements. The site has less than 200 users, with many appearing to be journalists and other curious foreign users.

 Yet within hours of its discovery, the site had already been hacked. The hacker was first noticed by a journalist at Vice’s Motherboard, who posted a screenshot of an advert on the site that read, “Uh, I didn’t create this site just found the login.” The advert had been posted by 18-year-old Scottish college student Andrew McKean, who told Motherboard he had full control of the fledgling social network. 

“Was easy enough,” McKean told Motherboard’s Lorenzo Franceschi-Bicchierai.

McKean explained he was able to become a site administrator simply by clicking an “Admin” link at the bottom of the page and guessing the password. It turned out, the password wasn’t quite as easy as “qwerty” or “12345.” In fact, it was even easier. The password was just “password.”

However, even the world’s most obvious password wasn’t just a lucky guess. McKean said he tried “password” after toying with a demo for the off-the-shelf Facebook clone phpDolphin. Since the North Korean social media site appeared to be a virtually unaltered version of phpDolphin, McKean decided to try his luck with the demo’s default password.

“I don’t know why, but I just wanted to check if it worked, after all this Facebook clone site was new and not much had been done to it,” he said. 

The website was inaccessible at the time of writing, making it possible the Facebook clone was little more than a short-lived dabble with social media from North Korea. It’s also unclear why the site was created in the first place. The site hasn’t been officially acknowledged by North Korean state media, and so far nobody can be sure the government in Pyongyang was even behind the seemingly derailed project. The analytics firm that first unearthed the website, Dyn, has only confirmed the website was created by somebody inside North Korea. 

However, there are some indications the government could be a pretty good suspect. Average North Koreans purportedly have limited access to the Internet, meaning it would be unusual for an independent entrepreneur within the country to launch a website accessible to international audiences. Moreover, despite North Korea’s reputation for lacking many modern amenities, the government does have a history of surprising the West with unexpectedly effective computer technology. 

North Korea’s quiet technological achievements

In 2015, two German researchers conducted an in-depth investigation into North Korea’s homegrown operating system, Red Star OS. 

Until then, Red Star had been considered a clumsy, superficial adaptation of the Fedora operating system, which is a version of the open source Linux. However, when the German researchers dug deeper, they found the North Korean system was surprisingly sophisticated.  

“This is a full blown operation system where they control most of the code,” one of the researchers, Florian Grunow, told The Guardian newspaper at the time.

Grunow explained Red Star included its own unique encryption for files, along with protections against any attempts to tamper with core functions. It also featured an interesting piece of software that tagged all files on the system, or on any devices attached to the computer, such as a USB stick. Grunow said this latter feature may have been included as part of the government’s efforts to crack down on the country’s thriving black market in foreign films. The measure effectively allows the government to track how files are shared. “It’s definitely privacy invading. It’s not transparent to the user,” Grunow said.

The researchers concluded the operating system had been pretty well adapted to the government’s ambitions to reap the benefits of modern technology, but without losing control. The entire system also worked well alongside the country’s intranet, a mainly closed system that allows access to officially approved websites such as state media. Although the network is estimated to have less than 5,000 websites, it already boasts features like a search engine and e-commerce sites similar to Amazon.

All the while, the system’s extreme isolation from the rest of the world has allowed it to remain firmly under the control of the government. North Korea’s technological isolationism has, in itself, likewise proven surprisingly resilient to Western infiltration efforts. This was on full display in mid-2015, when U.S. intelligence officials leaked news of a failed plan to sabotage North Korea’s nuclear program to Reuters. The anonymous officials told the news agency the United States had tried to attack the nuclear program with a variation of the now famous Stuxnet virus. The virus devastated Iran’s nuclear program in 2009 and 2010, but fell flat in North Korea. U.S. officials blamed the extreme isolation of core computers used by the North Korean government to run its nuclear program.

Perhaps the country’s social media platform could have one day developed into a success story for the regime. Perhaps there’s a budding Mark Zuckerberg somewhere in the North Korean bureaucracy, just waiting for his chance to create a relatively functional, yet tightly controlled mimicry of Facebook. Yet, for now, whatever is left of the project may well be in the hands of a college student on the other side of the world.

—Ryan Mallett-Outtrim

Recommended Articles