N. Korea behind latest S. Korean nuke power plant data hack: investigators

March 17, 2015
A prosecutor from the government's special investigation team announces the interim results of its probe into a series of data leaks about nuclear power plants on March 17, 2015. (Yonhap)

A prosecutor from the government’s special investigation team announces the interim results of its probe into a series of data leaks about nuclear power plants on March 17, 2015. (Yonhap)

SEOUL, March 17 (Yonhap) — North Korea is believed to be linked to a series of recent leaks of data on South Korea’s nuclear power plants, investigators said Tuesday.

In December, an unidentified hacker, claiming to be an activist against nuclear power, had posted data about nuclear power plants, including their blueprints, five times and threatened to destroy the facilities while demanding they be shut down.

Last week, the hacker renewed its threats by posting more files on Twitter that included documents concerning the country’s indigenous advanced power reactor 1400, while demanding money in exchange for not handing over sensitive information to other countries.

Announcing the interim results of its probe into the high-profile case, a special investigation team said the series of incidents “is believed to have been caused by an (unidentified) group of North Korean hackers who “aimed at causing social unrest and agitating the people.”

“A total of 94 (pieces of) data were compromised. But they are mostly for training and education and far from critical,” said prosecutor Choi Yun-soo, adding that the hackers stole the data through hacking e-mails and online communities used by former and current officials of the Korea Hydro and Nuclear Power Co. (KHNP) instead of directly infiltrating the operator’s network.

The state-run KHNP operates 23 nuclear reactors in South Korea that provide nearly one-third of the country’s energy needs.

“We’ve learned that the malicious code used in the e-mail attack in December was similar to what North Korean hackers usually employ,” an official from the investigation team said. “Multiple Internet protocol addresses used for the attacks were found to be based in North Korea.”

Noting that the server of the social network service that the suspect used is in the United States and that the hacker also used Internet protocol addresses based in China, the investigators said they will continue the probe in cooperation with Washington and Beijing.

North Korea, however, denied any involvement in the hacking case on Tuesday.

The South Korean investigators’ accusation of Pyongyang for being behind the recent data leaks “is a false judgement by an idiot,” the North’s main propaganda website Uriminzokkiri said.

The communist country was blamed for a hacking attack on Sony Pictures late last year after it released “The Interview,” a satirical film that depicts a plot to assassinate the North Korean leader. The alleged attack prompted the U.S. to impose fresh sanctions on Pyongyang.

“The probe team has only an elementary-level reasoning ability that it should blame North Korea for the leaks of data on South Korean nuclear power plants simply because the incidents happened at a similar time with the hacking on Sony Pictures,” the website said.