South Korea has increased security around power plants after hackers penetrated their computer network and released sensitive documents online. Investigators cannot yet say if Pyongyang was involved in this hacking incident, but given the recent alleged North Korean cyberattack on the Sony movie studio, they cannot rule it out either.
South Korean officials are trying to reassure the public that the country’s 23 nuclear reactors remain secure and cannot be compromised by a recent string of cyberattacks on the Korea Hydro and Nuclear Corporation.
Using email addresses of retired employees, the hackers were able to plant 300 different types of malware in the company’s network. They have already released online unclassified power plant blueprints, testing data and payroll information. They are now threatening to damage three nuclear plants unless the government shuts them down.
The unidentified hackers describe themselves as an anti-nuclear power group, but Simon Choi, a senior director at an anti-virus company in Seoul called Hauri Inc., said the pattern of this attack points to a different suspect.
He said what these unidentified hackers are doing is very similar to what North Korean hackers did before. These hackers are using Twitter or a site called Pastebin to leak documents, just as alleged North Korean hackers did last year in a cyberattack on the office of the South Korean president, and more recently in the Sony attack.
The U.S. has accused Pyongyang of hacking into Sony Pictures Entertainment in the U.S., in an ultimately failed effort to stop the release of comedy movie about the fictional assassination of Kim Jong Un. Seoul has also blamed Pyongyang for a number of cyberattacks that occurred in the last few years on government agencies, TV broadcasters and media websites.
Security around the targeted reactors has been increased. Heavily armed troops surround the sites. And the defense ministry's cyber warfare unit is on high alert. Choi said the control systems of the nuclear reactors are separated from external networks, so hacking into the system is fundamentally impossible.
He said the network can only send information unilaterally, so it is difficult for malwares or hackers to penetrate into the independent network.
The hackers claim to be based in Hawaii, but investigators say the suspects used multiple Internet protocol (IP) addresses they think are based in China, in an area where North Korean hackers are suspected of operating.
A justice ministry official said they can’t confirm, but don’t rule out, the possibility that North Korea is behind the incident.
South Korea relies on nuclear reactors for a third of its electricity and is the world's fifth-largest user of nuclear power.
VOA News Producer in Seoul Youmi Kim contributed to this report.