Hackers in China got South’s defense data

Key information on the military’s tactical communication network was hacked by China or North Korea two years ago, a ruling party lawmaker told the JoongAng Ilbo on Wednesday, and the military is investigating the case.

Information about Aegis destroyers, the Navy’s most advanced ships, was hacked, according to Rep. Song Young-keun of the Saenuri Party, a member of the National Defense Committee of the National Assembly.

The hacking was mentioned in a report Song recently obtained from the Defense Security Command, which said the hacking took place in China.

“There is a high possibility that the hackers were either North Koreans or Chinese,” Rep. Song said. “If the North is behind it, it is an imminent threat to our military’s defense system.”

According to the report, two defense contractors in Korea including Samsung SDS were hacked in May 2013. Information about the military’s tactical communication network system and the Command, Control, Communications, Computers and Intelligence, better known as C4I, was leaked. The systems were being developed by the contractors at the time.

The Defense Security Command said the source code for the joint tactical data link system for Aegis destroyers and text files for the Navy’s C4I table structure were leaked.

The command said most of the leaked data concerned network technologies that enable the military’s integrated tactical operations.

Military analysts said the most serious loss was the information about the Aegis destroyers.

In modern warfare, they said, network technology is crucial to allow the Army, Navy and Air Force to share intelligence in real-time. That allows quicker reactions to enemy attacks and more precise strikes on targets, the experts said.

When North Korea planted land mines inside the demilitarized zone last month, not only the Army but also fighter jets including F-15Ks scrambled from their bases based on the operation of this system.

“The source code is key information that shows how the system is operated,” Yang Wook, a senior researcher of the Korea Defense and Security Forum, said. “Anyone who obtained the source code can plant malignant code to interrupt our operations.”

Another military official said the hacking is a serious problem if the information ended up in the hands of the North. When a North Korean submarine or speedboat infiltrates the South, the Navy’s Aegis destroyers and KF-16 fighter jets of the Air Force are mobilized, he said.

“In such an operation, the Navy and the Air Force will coordinate who will take which zone and how to attack,” he said. “If the enemy has that information, that’s a big problem.”

The leak of a project to improve the capabilities of the C4I is also serious, the experts said, because the system has a vast amount of information about the military’s weapons systems, strategies and administrative affairs.

North Korea operates a cyber warfare unit under the General Bureau of Reconnaissance that spies on the South. Most of the hackers are operating from China. The Defense Security Command said an average of 5,000 hacking attempts are made against the South Korean military and U.S. Forces Korea every day. The command said it issued warnings to hacked contractors and improved their security systems.

“In order to stop any additional damages, we took the necessary measures,” a military official said.

BY YU SEONG-UN [ser.myoja@joongang.co.kr]