Officers suspect a hacking group in cyberattack



Reactor operators check an automated nuclear reactor and turbine programs as part of a simulated emergency training exercise on Monday at Wolseong nuclear power plant in Gyeongju, North Gyeongsang. By Gong Jeong-sik

The Ministry of Trade, Industry and Energy and the Korea Hydro and Nuclear Power Corp. (KHNP) said Monday that authorities had found malicious code within the operating network connected to the reactor control system.

The government said four computers, three at Gori and one at Wolseong nuclear power plants, shut down because of the viruses on Dec. 11.

The joint investigation team suspects a highly skilled hacking group was involved in the hacking, possibly from North Korea.

“The IP addresses of the two locally based IDs on the web portals Naver and Nate were found to have been connected to zombie PCs,” the joint investigation team said in a statement at the prosecutors’ office. “We believe the alleged hackers could be part of a professional hacking group. … North Korea could be one of the starting points.”

Those speculations were sparked after the hacker posted an additional set of reactor-related documents on Twitter. The hacker introduced himself as John (Twitter ID @john_kdfifj1029), writing, “The Blue House still pretends it doesn’t know anything,” curiously using the phrase anin bosal, a North Korean expression that means “pretending not to know.”

The Seoul Supreme Prosecutors’ Office on Monday asked the Korea branch of the U.S. Federal Bureau of Investigation to help track down the hacker suspect as the culprit used an IP address that traveled through the United States, Japan and Korea many times. Authorities suspect the hacker may be stationed in Hawaii, though prosecutors said they are open to all possibilities.

“The malicious codes that broke through the KHNP system are very similar to those used in the Sony hacking case and in the case involving South Korean news organizations last year, at least in terms of their functions,” said Lim Jong-in, dean of the Korea University Graduate School of Information Security. “If those codes already reached the control systems for those reactors, they would have been more than able to halt their operation.”

The KHNP denied that argument, however, stating that an “electrical system exists inside each reactor, but there is no Internet connection there. That’s why it is impossible for any kind of cyberattack to directly influence the normal operations of the reactors.”

The KHNP previously said that it will ignore the hacker’s demand that the reactors be shut down. However, neither the ministry nor the KHNP has announced specific measures to prevent either the spread of leaked information or further leaks. The two authorities are currently cooperating with the state-run information security agency to stop the documents’ spread.

The government also attempted to downplay concerns surrounding the recent hacking scandal, in which allegedly confidential documents regarding Korea’s nuclear reactors were uploaded online.

The incident, prompted after blueprints of the reactors and detailed explanations of control software at the Gori and Wolseong nuclear power plants were posted on a Naver blog on Dec. 15, elicited fears over the government’s ability to safeguard critical information and public safety.

However, the hacked documents and blueprints were not confidential material, as was initially reported in the media, the government insisted.

Officials added that the malicious code that the hacker or hackers claimed to have used to target the KHNP, which operates the reactors, was in fact a simple hard drive virus unable to transfer data out of its computers.

However, officials said an investigation by AhnLab, a company specializing in computer viruses, showed that the viruses only damaged the computer but did not have the ability to steal vital information or control the operating systems of the reactors.

“The virus cannot influence the operation of the reactors,” said Park Sang-hyung, the head of the cybersecurity team at the KHNP. “According to AhnLab, one of our information security management agencies, the malicious codes are known as MBR, which destroys the computer’s booting system but is unable to transfer data from one computer to another.”

It was determined that the infection spread after a KHNP employee opened virus-infected emails allegedly sent from the hacker on Dec. 9.

The government also made sure to emphasize that the leaked documents contained technical information related to the reactors’ operation but stressed that they were not confidential information that could cause major problems in the power plants’ operation.

“It’s true that the documents are technical property of the KHNP that need to be kept secure, but people can’t attack a reactor with just those documents,” said Lee Kwan-sup, the first vice minister of trade, industry and energy. “That level of information is known to be available online, as easily as nuclear experts can find it through a simple Google search.”

