By Choe Sang-Hun
SEOUL, South Korea — North Korean
hackers stole a vast cache of data, including classified wartime contingency
plans jointly drawn by the United States and South Korea, when they breached
the computer network of the South Korean military last year, a South Korean
lawmaker said Tuesday.
One of the plans included the South Korean
military’s plan to remove the North Korean leader, Kim Jong-un, referred to as
a “decapitation” plan, should war break out on the Korean Peninsula, the
lawmaker, Rhee Cheol-hee, told reporters.
Mr. Rhee, a member of the governing Democratic
Party who serves on the defense committee of the National Assembly, said he
only recently learned of the scale of the North Korean hacking attack, which
was first discovered in September last year.
It was not known whether any of the
military’s top secrets were leaked, although Mr. Rhee said that nearly 300
lower-classification confidential documents were stolen. The military has not
yet identified nearly 80 percent of the 235 gigabytes of leaked data, he said.
A Defense Ministry spokesman, Moon Sang-gyun,
refused to comment on Mr. Rhee’s disclosure.
A spokesman for the Pentagon, Col. Robert
Manning, would not discuss if the hack had occurred, repeating, when pressed,
that he would not “discuss the specifics” of the incident.
North Korea and South Korea have long had
each other’s computer networks in their sights. The United States, piggybacking
on South Korean operations, broke into the North’s computer systems in 2010,
targeting the Reconnaissance General Bureau, the North’s equivalent of the
C.I.A.
South Korean intelligence officials told
lawmakers in June that Mr. Kim was desperate to get hold of South Korea’s
decapitation plan. He had also begun using his deputies’ cars as decoys to move
from place to place, they said.
When the hack was discovered last year, the
ministry blamed North Korea. But it has acknowledged only that “some classified
information” was stolen, saying that revealing more details would only benefit
its enemies.
Some South Korean news media, citing
anonymous sources, had earlier reported that the leaked data included wartime
contingency plans. But Mr. Rhee is the first member of the parliamentary
committee that oversees the military to disclose similar details.
It remained unclear how much the hacking has
undermined the joint preparedness of the South Korean and United States
militaries, with South Korean officials simply saying that they have been
redressing whatever damage was caused by the cyberattack.
The military plans for dealing with North
Korea have been rewritten in recent months by Secretary of Defense Jim Mattis,
in response to the North’s accelerated threats.
The plan containing the so-called
decapitation operation, Operations Plan 5015, had been updated in 2015 to
reflect the growing nuclear and missile threat from North Korea. Its details
remain classified.
Under their mutual defense treaty, the United
States takes operational control of South Korean troops in the event of war on
the divided Korean Peninsula. The two allies hone their war plans through
annual joint military exercises.
As Mr. Kim, the North Korean leader, has
accelerated his nuclear missile program in recent years, South Korean defense
officials have publicly discussed pre-emptive strikes at critical missile and
nuclear sites in North Korea and an operation to eliminate the North’s top
leaders.
After North Korea’s sixth — and by far most
powerful — nuclear test last month, the South Korean defense minister, Song
Young-moo, told lawmakers in Seoul that a special forces unit with a task of
removing Mr. Kim would be established by the end of the year.
Last month, United States strategic bombers
and fighter jets also flew deep to the north along the east coast of North
Korea in what some South Korean defense analysts said was an exercise to target
the North Korean leadership in the event of conflict.
North Korea bristles at any threat to Mr.
Kim, and a war of words has escalated between North Korea and the Trump
administration. North Korea claimed a right to shoot down American warplanes
flying in international airspace if they came near the country. When President
Trump threatened to “totally destroy” North Korea last month, Mr. Kim vowed to
“tame the mentally deranged U.S. dotard with fire.”
North Korea runs an army of hackers trained
to disrupt enemy computer networks and steal cash and sensitive data. In the
past decade, it has been blamed for numerous cyber-heists and other hacking
attacks in South Korea and elsewhere.
In the attack in September last year, later
code-named “Desert Wolf” by anti-hacking security officials, North Korean
hackers infected 3,200 computers, including 700 connected to the South Korean
military’s internal network, which is normally cut off from the internet. The
attack even affected a computer used by the defense minister.
Investigators later learned that the hackers
first infiltrated the network of a company providing a computer vaccine service
to the ministry’s computer network in 2015. They said the hackers operated out
of IP addresses originating in Shenyang, a city in northeast China that had
long been cited as an operating ground for North Korean hackers.
The intruders used the vaccine server to
infect internet-connected computers of the military with malicious code in
August last year, the investigators said. They could also infiltrate the
malware into intranet computers when the military’s closed internal network was
mistakenly linked to the internet during maintenance.
The break-in by the United States into North
Korea’s own government networks in 2010 was documented in classified materials
released by Edward J. Snowden, a former National Security Agency contractor.
The New York Times reported in 2015 that the penetration figured in quickly
identifying the North Korean origins of the hack of Sony Pictures
Entertainment.
David E. Sanger contributed reporting from
Washington.