hankyoreh

A KHNP's document released by hackers who call themselves the Group Opposed to Nuclear Power.

Over the course of a week, reactor diagrams and other internal documents from Korea Hydro and Nuclear Power (KHNP), the public company that operates South Korea’s nuclear reactors, were leaked on four separate occasions by an organization of presumed hackers who call themselves the Group Opposed to Nuclear Power. But KHNP was slow to respond to the leak, and when it did respond it was mostly concerned with covering up the scandal.

A joint government team made up of investigators from the prosecutors and the police are working to down the IP address of the perpetrators, who have been randomly leaking the information to the press and internet users through blogs and social media. The group is also threatening to destroy the control systems of South Korea’s nuclear reactors.

Around 1:30 am on Dec. 21, the group of hackers leaked four more KHNP internal documents on Twitter. This was the fourth time that the group released such documents since the first leak on Dec. 15.

The group‘s Twitter post seemed to be aimed at an official statement by the KHNP downplaying the significance of the documents that the group had already leaked. “If you keep this up, we’ll give the world the rest of the 100,000 documents we still have. How would you like that?” the group said.

Along with this message, the group used a cloud-based file-sharing service to make available various KHNP documents, including a cooling system diagram for Kori Reactor No. 2, a valve diagram at Wolseong Reactor No. 1, and the program manual used at the nuclear reactors.

On Dec. 10 and Dec. 12, the group announced on its Twitter account and Naver blog that it had managed to hack the nuclear operator‘s servers. So far, the group has released KHNP documents on Twitter and Naver in four stages, on Dec. 15, Dec. 18, Dec. 19, and Dec. 21.

The KHNP documents that have been leaked so far were created between 2000 and 2013.

But the hackers have gone beyond simply releasing internal documents. They have also demanded that Kori Reactors No. 1 and 3 and Wolseong Reactor No. 2 be deactivated around Christmas and threatened to destroy the nuclear control systems.

KHNP and the Ministry of Trade, Industry and Energy, the government ministry charged with overseeing KHNP, have not only dawdled in responding to the hackers’ actions, but their response has also been ineffective.

Even though the indiscriminate leak of the documents began on the evening of Dec. 15, it did not come to the attention of KHNP until a security publication ran a report on the topic on the morning of Dec. 17.

In addition, when Hankyoreh reporters contacted KHNP on the same day, the company was only worried about covering up the incident. “The previous computer virus attack and the document leak appear to be unrelated. Rather than hacking, we think it is more likely that the group released information that they collected from an online community of former KHNP employees,” KHNP said in a statement.

It was not until the evening of Dec. 18, when the scandal had begun to snowball, that KHNP closed one of the group‘s outlets for leaking the files by asking Naver to shut down its blog. But as of the afternoon of Dec. 21, internal documents from the nuclear operator were still available for download through a Twitter account.

“The hackers had pretended to be residing in Hawaii or some other location overseas. However, when we traced the IP of documents uploaded to the blog and Twitter account since we were assigned the case on the afternoon of Dec. 19, we found that the documents in question had been uploaded from the Korean countryside,” the team of government investigators announced.

On the blog that the hackers set up on Dec. 15, they posted a slogan stating that they are opposed to nuclear power because it threatens human safety and survival. They also wrote “Who am I?=No nuclear power plant” in English.

On Dec. 9, the KHNP computer system was infected by a virus sent by email. Computers that were affected by the virus displayed the message “Who am I?” before their hard drives were destroyed.

When the hackers leaked the second round of documents on its blog on Dec. 18, they said that the first attack had only wiped a few hard drives but threatened that the second attack would destroy the nuclear reactors’ control system. The hackers also said they had transmitted 16,250 viruses.

The group claimed to have succeeded at hacking KHNP’s servers on Dec. 10 and Dec. 12 and acquiring the nuclear operators’ reactor plans, control program, and the rest of its sensitive information.

By Jung Se-ra and Noh Hyun-woong, staff reporters

Please direct questions or comments to [english@hani.co.kr]