For almost a decade, Nick Roy has been scanning North Korea’s tiny Internet presence, spotting new websites coming online and providing a glimpse of the Hermit Kingdoms’ digital life. However, at the end of last year, the cybersecurity researcher and DPRK blogger stumbled across something new: signs North Koreans are working on major international TV shows.
In December, Roy discovered a misconfigured cloud server on a North Korean IP address containing thousands of animation files. Included in the cache were animation cells, videos, and notes discussing the work, plus changes that needed to be made to ongoing projects. Some images appeared to be from an Amazon Prime Video superhero show and an upcoming Max (aka HBO Max) children’s anime.
The findings and security lapse—detailed in a report by the Stimson Center think tank's North Korea-focused 38 North Project, which helped analyze the findings along with Google-owned security firm Mandiant—provide a glimpse at how North Korea can use skilled IT and tech workers to raise funds for its heavily sanctioned regime. It also comes as US officials increasingly warn about North Korean IT workers infiltrating companies and their outsourcing.
North Korea’s Internet is a small—and fragile—space. The repressive nation only has 1,024 IP addresses and around 30 websites that connect to the global Internet. While there is a limited internal intranet, only a few thousand of the country’s 26 million people can get on the Internet. When they do, it’s highly controlled: These select few North Koreans can use the Internet for an hour at a time and have a person sitting next to them approving their use every five minutes.