Hackers leak reactor data online, want money

Following months of silence, a self-proclaimed anti-nuclear group resurfaced on Thursday, uploading more information on a dubious Twitter account regarding the country’s nuclear reactors.

A hacker referred to as the organization’s chairman shocked officials at the end of last year after exclusive blueprints and technical operation guides for local nuclear reactors were leaked on five occasions.

The group also threatened that it would bomb Korea’s nuclear reactors over the Christmas holidays if the government did not shut down their operation or refused to offer financial compensation.

“It’s been a long time,” the group said in a Twitter post that went up online at 1:13 a.m. on Thursday and was targeted at the Korea Hydro and Nuclear Power Corporation (KHNP) and the government-led investigation team.

The self-proclaimed chairman posted a link with those remarks that led to a Dropbox account with a compressed zip file containing 12 files, including eight blueprints, a video of regular nuclear reactors and the SMART nuclear reactor - a small locally developed reactor that Korea recently agreed to export to Saudi Arabia.

It also held a document file that contained a conversation between President Park Geun-hye and UN Secretary General Ban Ki-moon, which the group claims took place on Jan. 1, 2014.

According to the KHNP spokesman’s office, the reactor files include blueprints of Gori 1, the nation’s oldest nuclear reactor, and information about its technical performance and safety analyses. The company added that these documents are not confidential.

The state-run Korea Atomic Energy Research Institute, the primary developer of the SMART nuclear reactor, said that the posted files that concern the reactor’s steam generator don’t appear to have been leaked from an internal server.

The files posted, it said, were digitally captured versions of a research paper that was publicly uploaded onto the institute’s website.

Besides the files, the chairman also implicated that there could be additional future cyberattacks on the KHNP.

“Congratulations to the KHNP for finally finding some 7,000 viruses we deployed in your server,” the post read. “I’m not so sure what orders the rest of the 9,000 viruses will receive soon.”

In response to the new posts, the government’s joint investigation team, which is under the leadership of the Seoul Central District Prosecutors’ Office, announced on Thursday that the authenticity of the Twitter post had not yet been identified.

It was also unclear if the post had been made by the same group from last year or by a person imitating the chairman of the anti-nuclear group who attempted to attack the KHNP server.

“As soon as the court issues a warrant, the investigation team will acquire the original files owned by KHNP and compare them with the ones posted today,” the team said in a briefing.

The team added that it is taking into consideration that Thursday’s leak may have been perpetrated by North Korea.

BY PARK YU-MI, KIM BAEK-KI AND KIM JI-YOON [kim.jiyoon@joongang.co.kr]