Hackers stole US battle plans on how to wipe out North Korea’s leaders, Seoul lawmaker says
The reported hack comes amid heightened fears of conflict on the Korean peninsula, fuelled by US President Donald Trump’s continued threats of military action against Pyongyang
The techno soldiers of Kim Jong-un are growing more aggressive in defending North Korea’s supreme leader against threats from US President Donald Trump and South Korea.
South Korean lawmaker Rhee Cheol-hee said on Wednesday that 235 gigabytes of military documents were taken from the Defence Integrated Data Centre in September last year, citing information from unidentified South Korean defence officials.
They included military plans developed by the US and South Korea last year that included a highly classified “decapitation strike” against the North Korean leader.
The plans were devised as the regime in Pyongyang steps up nuclear tests and fired long-range missiles toward the Pacific Ocean.
An investigative team inside the defence ministry announced in May the hack had been carried out by North Korea, but did not disclose what kind of information had been taken.
Pyongyang has denied responsibility in its state media for the cyberattacks, criticising Seoul for “fabricating” claims about online attacks.
The episode shows North Korea’s progress in infiltrating computer systems around the world three years after its hackers allegedly pilfered documents from Sony Corp. in retaliation for the film The Interview.
Some of the data from the latest hack addressed how to identify movements of members of the North Korean leadership, how to seal off their hiding locations, and attack from the air before eliminating them, the lawmaker had said.
These plans had likely not been classified properly but defence ministry officials told Rhee the hacked documents were not of top importance, he said.
Rhee said the hack had been made possible by “a simple mistake” after a connector jack linking the military’s intranet to the internet had not been eliminated after maintenance work had been done on the system.
The South Korean Defence Ministry’s official stance is that they cannot confirm anything the lawmaker said about the hacked content due to the sensitivity of the matter.
If Kim’s cyber warriors have indeed stolen the top-secret intelligence, it raises alarms about the security of US-South Korea information and the effectiveness of potential military options.
“The plan is fundamental to conducting a war operation and leakage of even a small part of it is very critical,” Rhee said.
“How could we fight against an enemy and win a war if it’s already aware of our strategy?”
North Korea has been developing cyber capabilities as trade sanctions and a debilitated domestic economy make it difficult to invest in conventional military capabilities.
While Kim is devoting resources to nuclear missiles, hackers offer a cost-effective way to threaten rivals that are typically reliant on technology systems.
“There is no doubt that they are using their capability in creative ways,” said Fergus Hanson, head of the International Cyber Policy Centre at the Australian Strategic Policy Institute in Canberra.
“Stealing battle plans is obviously a good idea from a military point of view and they’re also monetising their capability to get around sanctions.”
While North Korea allows internet access to only a small portion of its population, it began to train its techno soldiers in the early 1990s, according to South Korea’s Defence Security Command.
The country probably employs 1,700 state-sponsored hackers, backed by more than 5,000 support staff, Hanson said.
The US defended its capabilities despite the alleged hack. Colonel Robert Manning, a Pentagon spokesman, wouldn’t discuss whether any breach occurred, but said the US has confidence in the security of its intelligence and its ability to deal with North Korean threats.
It wasn’t immediately certain whether the strike plans allegedly stolen by North Korea could have been a decoy in the long-running war of espionage between the two Koreas.
Separately on Wednesday, cyber security firm FireEye said North Korea-affiliated agents were detected attempting to phish US electric companies via emails sent in mid-September, although these attempts did not lead to a disruption in the power supply.
FireEye said the phishing attack on the electric companies detected was “early-stage reconnaissance” and did not indicate North Korea was about to stage an “imminent, disruptive” cyberattack.
The North has been suspected of carrying out similar cyberattacks on South Korean electric utilities, in addition to other government and financial institutions.
Those attempts were likely aimed at creating a means of “deterring potential war or sowing disorder during a time of armed conflict”, FireEye said.
North Korean hackers made international headlines in 2014 when they allegedly broke into Sony’s Hollywood operation as it was preparing to release The Interview, a Seth Rogen spy caper about meeting the North Korean leader. Sony Chief Executive Officer Kazuo Hirai called the attack “vicious and malicious” as it led to embarrassing revelations.
Then last year, a group linked to North Korea, called Bluenoroff, allegedly stole money from Bangladesh’s central bank. In May, a group called Lazarus was linked by security researchers to a global ransomware attack that affected more than 300,000 computers.
This year, the country’s hackers appear to have stepped up their efforts to secure bitcoin and other cryptocurrencies that could be used to avoid trade restrictions.
Bloomberg and Reuters