hankyoreh

The National Intelligence Service (NIS) increased its number of licenses for hacking lines from 10 to 45 two weeks ahead of the 2012 presidential election, it recently emerged.

The purchase of 35 additional lines occurred on Dec. 6, 2012, after the NIS acquired a hacking program from the Italian company Hacking Team.

The licenses in question were also found to permit continued use and the altering of targets. The revelations conflict with the NIS’s previous claims that it only purchased a total of 20 lines.

NIS chief Lee Byung-ho had told the National Assembly Intelligence Committee at a meeting on July 14 that the agency purchased “ten hacking program lines allowing mobile phone monitoring on two occasions in 2012 [in January and July] from Hacking Team,” for a total of 20 lines, members of the committee reported.

But analysis of attachments to leaked Hacking Team emails by the Hankyoreh on July 15 showed the NIS purchasing 10 lines in January 2012, another 10 temporary lines in July, and additional licenses for 35 lines in December.

The NIS initially sent an email to Hacking Team titled “New Order (Emergency)” via the purchasing agency Nana Tech. In it, it requested information about how to pay for the additional of 30 new targets.

A series of exchanges followed between the South Korean side and Hacking Team in Italy in the day after the emergency NIS order. A deal was ultimately struck in which the NIS would purchase 10 licenses for 40,000 Euros (around 50 million won) and another 25 for 70,000 Euros (88 million won), for a total of 35 additional licenses at a cost of nearly 140 million won, the emails show.

The documents also indicate some haste to the process, with Nana Tech insisting that the “customer [the NIS] needs to make the purchase with this year’s budget.”

The transaction was ultimately completed quickly, in the space of just one day. As a result, the NIS gained the ability to monitor 45 computers, smartphones, and other devices all at once two weeks before the presidential election, increasing its number of lines by over four times from the initial level.

The numerical increase in lines was also apparently accompanied by qualitative changes. A stamped contract exchanged by email between Nana Tech and Hacking Team on Dec. 6, 2012, showed the inclusion of a provision reading, “Once monitoring of an individual is complete, the target’s backdoor may be removed and transferred to another target for monitoring.”

The change meant that in addition to being able to monitor 45 different people at once, the NIS was able to increase that number at will by changing monitoring targets once some were deemed not to require monitoring. Another function added allowed for monitoring of different numbers of devices simultaneously per license.

The contract also stated that its terms were “valid only until April 30, 2012.” It is unclear why the contract expiration date was set several months before the actual transaction date.

By Lim Ji-seon and Cho Seung-hyun, staff reporters

Please direct questions or comments to [english@hani.co.kr]