More nuke files posted as prosecutors intensify huntAfter an unidentified hacker posted four more files of information related to the country’s two largest nuclear power complexes early Sunday, prosecutors investigating the leaks said they were making progress.
The Seoul Central District Prosecutors’ Office said investigators were dispatched to the Daegu location of the IP address of the Naver account used by the hacker. But the user of that account said he had been hacked by someone else.
Blueprints of the reactors and detailed explanations of control software at the Gori and Wolsong nuclear power plants were posted on a Naver blog Dec. 15 by someone known as “Who am I?”
The plants are managed by the Korea Hydro and Nuclear Power Corporation (KHNP).
The prosecution said the hacked information was posted on Naver and Twitter. It traced the IP address of the Naver ID and found it was issued by a domain company.
“We found the ID was used to log on in the United States,” said a prosecution spokesman. “We also think it’s possible North Korea used a foreign server for the hacking.”
“We expect to identify the hacker early this week,” said the investigation team chief Lee Jeong-soo. “We also sent investigators to the Gori No. 2 reactor [in Busan] and Wolsong No. 1 reactor [in Gyeongju].”
The self-proclaimed “chief of the Korean chapter of an anti-nuclear reactor group” posted four ZIP files on Twitter at 1:32 a.m. Sunday that included blueprints of the air-conditioning and ventilation system for Gori No. 2, blueprints of valves for Wolsong No. 1 and operating manuals called MCNP5 and BURN4.
The hacker then tweeted: “I will post 100,000 additional pieces of reactor blueprints since you said the leaked information isn’t confidential. You better stop operating Gori No. 1, No. 3 and Wolsong No. 2 reactors from Christmas. Let’s meet either in New York or Seoul. You must ensure my security and must pay me.”
At the end, he wrote, “chief of the anti-nuclear reactor group from Hawaii,” indicating he may not be in Korea.
After the hacker posted the additional information, the Ministry of Trade, Industry and Energy and KHNP said on Sunday they will run simulation training starting today to prepare for further hacking attempts.
Separately from the prosecutors’ investigation, they are trying to determine the importance of the leaked information. They said the 20 hacked files made public contain only basic technical information.
BURN4, for instance, is a Japanese-developed program the KHNP said it doesn’t use.
The KHNP also said it will ignore the hacker’s demand that the reactors be shut down.
But neither the ministry nor the KHNP have announced specific measures to prevent either the spread of leaked information or further leaks.
“Since Twitter is a foreign-based service, it is hard to ask it to block the hacker’s account or delete the posted information,” said a KHNP spokesman. “Though the hacker’s account has been removed, another account could just as easily be created and more information posted.”
BY KWON SANG-SOO [email@example.com]