Alleged hacking group releases more data, repeats demands

An unidentified hacking group released an additional set of files concerning operations at Korea’s nuclear power plants on its Twitter account on Tuesday afternoon.

The group, which introduced itself as an anti-nuclear group, threatened the state-run nuclear reactor operator Korea Hydro and Nuclear Power Corporation (KHNP) and reiterated calls for the reactors to be suspended by Christmas.

The attack followed simulated emergency training exercises against cyberattacks, which lasted through Tuesday. This was the fifth public leak of files related to the reactors at the Gori and Wolseong nuclear plants.

The hacker, known as John - whose Twitter ID is @john_kdfifj1029 - posted four zip files and one link to a news article around 3 p.m. on Dropbox and Pastebin. The files included blueprints from 2011 of the air-cooling system at the Gori No. 1 and 2 reactors and the overall design blueprints for the Wolseong No. 3 and 4 reactors. A third file illustrated the operation simulator of the Japanese-made APWR model reactor, and the fourth detailed the safety system analysis codes.

As of press time, KHNP said it was still investigating whether the leaked blueprints were authentic. The link directed visitors to a news article about how Korea had developed its own safety and performance analysis codes for nuclear power plants - known as SPACE codes - a key technology in developing nuclear reactors.

The story, written early last year by Korea Energy News, stated the development of the code marked a decisive moment that enabled Korea to export its own reactors.

The Twitter posts once again criticized the KHNP for not halting the operations of its reactors, while emphasizing concern for Korea’s citizens.

“The KHNP’s emergency cyberattack training seemed pretty perfect,” the self-proclaimed anti-nuclear group wrote with apparent sarcasm on Twitter. “How is [the KHNP] going to deal with the aftermath of irritating us?

“If you apologize to local anti-nuclear groups, we will reconsider opening [nuclear reactor-related] documents,” the hacking group wrote. “I urge you [the KHNP] to stop the reactors first if you want to apologize.

“We are anti-nuclear group that loves Korean citizens,” it wrote. “Dear citizens, stay away from the reactors.”

Following a request to the U.S. Federal Bureau of Investigation for help looking into the matter, the Seoul Supreme Prosecutors’ Office on Tuesday also requested cooperation from the Chinese police and Japanese judicial authorities.

The hacking group was found to have logged in to Twitter in locations in China, Japan and the United States, which makes determining the actual point of access difficult, the prosecutors’ office said.

The investigation team said it suspects the hackers are based in the United States. The new Twitter post was uploaded around 3 p.m. Tuesday local time, while the post was recorded as having been created at 10 p.m. on Monday. The 17-hour time gap could indicate that the post was created in the Pacific time zone.

On Tuesday, President Park Geun-hye also expressed her concern over the leaks at a cabinet meeting. “Nuclear power plants are class-one security facilities, which are directly related to Korean citizens’ safety,” she said. “This is a serious threat to national security.”

BY LEE YOO-JEONG, KIM JI-YOON [jiyoon.kim@joongang.co.kr]