hankyoreh

which indicated the NIS’s interest in wiretapping Kakao Talk

Evidence is mounting that South Korea’s spy agency had in fact purchased a powerful hacking program capable of monitoring smartphones and been operating this in secret for several years. Previously, the agency had complained that its lack of equipment for monitoring mobile phones was interfering with investigations and pushed for a law that would require telecoms to install surveillance equipment

This scandal could lead to allegations of indiscriminate surveillance similar to the “X File” case at the Agency for National Security Planning (a predecessor to today’s National Intelligence Service [NIS]), which involved a wide-range of illegal wiretapping of politicians, bureaucrats, and civic organizations in 2005.

On July 12, a source at the NIS effectively acknowledged that the agency had purchased and operated Remote Control System (RCS), a hacking program developed by an Italian company called Hacking Team. “The agency cannot deny having purchased the program,” the source said.

the most widely used messaging app in South Korea.

Officially, however, there has not been a single case over the past 10 years in which the NIS has admitted to monitoring mobile phones. After the ANSP X-File case in 2005, the agency scrapped all of the monitoring equipment it had developed for mobile devices, including one called CAS. The agency’s official position is that it has not managed to monitor mobile phones even once since then.

“In 2005, Director Kim Seung-gyu instructed us to destroy all of our monitoring equipment since there would be suspicions of illegal surveillance if we retained it. Since then, we have not been able to monitor mobile phones on a single occasion,” another source at the NIS said.

While the NIS wiretaps phone lines thousands of times each year (5,531 in 2014), it has complained that its absolute inability to monitor mobile phones and especially smartphones - which are used more frequently - represents a huge obstacle to national security investigations and counterespionage activity.

While the Protection of Communications Secrets Act allows the agency to monitor mobile phones if the court issues a warrant, it has claimed that its hands have been tied by a lack of surveillance equipment.

But with the agency’s credibility plummeting during the administration of former president Lee Myung-bak (2008-2013), the drive to legalize surveillance failed to gain momentum.

According to internal emails from Hacking Team, the Italian company that developed and sells RCS, the NIS used a small South Korean company called Nanatech to convey its interest in buying the software, and especially functionality that would enable it to monitor voice conversations on mobile phones. This correspondence occurred in Sep. 2010, five years after the X-File case.

While it has not been confirmed to what extent Hacking Team met these requests, the emails that have been made public show that the NIS had Nanatech communicate its satisfaction about the performance of the hacking program to the Italian company on several occasions.

In March of last year - even as the National Assembly was trying to reform the agency following its interference in the 2012 presidential election - the agency was asking the Italian company to develop technology for hacking Android phones and iPhones and to train agents to operate these programs.

When Rep. Seo Sang-gi, a Saenuri Party (NFP) lawmaker who was chair of the National Assembly‘s Intelligence Committee at the time, submitted a bill in Jan. 2014 that would revise the Protection of Communications Secrets Act to make it mandatory for telecoms to have mobile surveillance equipment, the agency aggressively lobbied for the bill.

On Sunday, Urgent Action on Cyber Surveillance, a privacy watchdog group, released a statement saying, “Allegations have been raised that the National Intelligence Service deceived the public by officially claiming to be unable to monitor mobile phones while unofficially doing exactly that. If illegal activity is confirmed, the individuals responsible should be prosecuted at once and the hacking immediately stopped.”

The doors are locked at Nanatech’s offices in Seoul’s Gongdeok neighborhood on July 12. Nanatech was used to convey the National Intelligence Service’s interest in purchasing a hacking program from Hacking Team. (by Heo Seung

By Heo Seung, staff reporter

Please direct questions or comments to [english@hani.co.kr]