Recent hack on nuclear plants traced to IP address in Shenyang, China

Posted on: 2014-12-25 14:08 KST | Modified on: 2019-10-19 20:29 KST
Shenyang is known as a city where North Koreans operate; authorities not ruling out possibility of North Korean involvement

The joint team of government investigators that is looking into the leak of reactor diagrams and other files at Korea Hydro and Nuclear Power (KHNP), the state-run company that operates South Korea’s nuclear reactors, said on Dec. 24 that the suspect in the case had accessed Korean networks through an IP address located in Shenyang, China.

Shenyang, a city near North Korea, is known as a place where North Korean intelligence agents operate. Even South Korean Justice Minister Hwang Kyo-ahn said that North Korea’s involvement in the hacking attack could not be ruled out.

The investigation team, which is responsible for pursuing cases involving crimes related to private information, is under the leadership of Lee Jeong-soo, chief of the second division of investigation into high-tech crime at Seoul Central District Prosecutors’ Office.

In raids on three virtual private network (VPN) providers whose services the suspect used to keep their IP address from being tracked when posting information online, the team found that 20 to 30 IP addresses from the Shenyang area had accessed a South Korean portal site around 200 times on Dec. 15, the day that the first files were leaked. However, it is not yet clear whether Shenyang was the initial point of access or an intermediary connection designed to throw off investigators.

“The question of whether Shenyang was the initial access point can only be determined on the ground. We are currently asking the Chinese police for their cooperation,” said a source from the investigation team. When asked whether North Korea was implicated in the leak, the source said this could be neither confirmed nor denied.

Since investigators must wait on the Chinese government to assist them in continuing to track the IP addresses, and since all of the IDs, bank accounts, and personal information used in the crime were confirmed to have been stolen, efforts to identify the perpetrator are currently at a standstill.

Investigators have confirmed that when the suspect signed up for the VPN, which provides virtual IP addresses, they borrowed someone else’s name and used someone else’s bank account to pay for the service. All of the IDs that were used to post articles criticizing nuclear energy on the Naver blog or to leak the files online had been stolen from third parties.

With the investigation running into a brick wall, the approach of Christmas is increasing tension. Christmas was the deadline by which the suspect demanded the shutdown of three nuclear reactors - Kori Reactors No. 1 and No. 3 and Wolseong Reactor No. 2.

During a full meeting of the Legislation and Judiciary Committee on Wednesday, Kim Do-eup, lawmaker with the Saenuri Party (NFP), asked Justice Minister Hwang whether the act could have been perpetrated by North Koreans. “We’re not ruling out that possibility,” Hwang said.

 

By Jung Hwan-bong and Hwang Joon-beom, staff reporters

 

Please direct questions or comments to [english@hani.co.kr]
