When geography and maths student David Jorm set out to prove a theory he had about North Korea, he discovered a whole community of North Korea watchers who he says are redefining information security.
Jorm, who is a software and security engineer at Red Hat, discussed the world of amateur satellite intelligence during his presentation at AusCERT 2013.
As part of his studies at the University of Queensland, Jorm theorised that a major famine in North Korea resulted in crops being harvested before they were ready, in turn leading to long- term land degradation.
He was able to prove his theory using the growing number of satellite images now available online, together with rainfall data.
Along the way, Jorm says, he connected with a group of people seeking to fill the information void found in North Korea, monitoring everything from major property developments to prison labour camps and military installations.
For most countries people would largely rely upon official reports, but in North Korea there's such an information vacuum.
In recent years, satellite image archives have improved significantly, Jorm says, and with more satellites now in orbit, more and more images are being made available to the general public.
Jorm says satellite imagery has been used to pre-empt rocket launches in North Korea, and in one case a miniature landscape was discovered in the North Korean desert that appeared to be a scaled down model for military installations.
“Typically people think about infosec as being: I have a computer system and I want to ensure nobody can access my email. This is an infosec problem in a much broader context,” he says.
“The North Korean government is trying to keep information from both leaving the country and entering the country. They don’t want to publish agricultural statistics, but people are able to get that anyway. It’s a way people are circumventing infosec controls.”
For his next project, Jorm says he’d like to explore the cyber warfare capability of North Korea.
“There’s a lot of speculation about North Korea’s cyber warfare capability. I’m interested in doing some research into that. I would be interested in passing infosec-related work to them and gauging what they do.”