NIS hacking targeted South Korean nationals in China

Posted on : 2015-07-22 17:16 KST Modified on : 2019-10-19 20:29 KST
Prosecutors’ investigation could follow, as the NIS had previously claimed that its hacking efforts were directed only at North Korean agents
 the company that brokered the hacking program transaction between the National Intelligence Service and Hacking Team

The National Intelligence Service’s chief target after purchasing a remote control system (RCS) program from the Italian security firm Hacking Team was an unspecified number of South Korean nationals in China, it has been alleged.

The allegations of hacking against South Korean nationals - which is illegal even when they are overseas - are making a prosecutors’ investigation appear increasingly likely.

“[The NIS’s] targets were purely mobile phones,” said NanaTech president Heo Son-gu in a July 21 interview with the Hankyoreh. The company brokered the hacking program transaction between the NIS and Hacking Team.

“The chief target was in China,” Heo explained.

When asked whether any individuals in China had been specified, Heo said an NIS agent had identified at least one “South Korean living in China.” The agent in question, surnamed Lim, was found dead on July 19 in an apparent suicide.

Heo declined to answer questions on whether any of the hacking targets were South Korean nationals or whether the hacking took place at the time of entry into South Korea.

“I think only the one who did it would know that,” he said.

If the NIS did use a hacking program against one or more South Koreans, it would conflict with Director Lee Byung-ho’s claim before the National Assembly Intelligence Committee on July 14 that the agency “did not use, or have reason to use, monitoring programs against South Korean citizens, and will accept any punishment if [evidence shows] there was [illegal monitoring] like what happened in the past.”

Lee also said the program “was used only to collect intelligence on North Korea overseas and was not used in South Korea.”

But details from the Hacking Team leak suggest hacking against South Koreans was at the very least attempted. Log records for an SK Telecom user were found on the Hacking Team server for three separate dates: June 3, 4, and 17. The timeline roughly corresponds to an NIS request to Hacking Team to plant hacking spyware on a specific South Korean blog URL, suggesting a possible sequence to the hacking in which the NIS made the initial request, the user’s smartphone was infected, and the hacking was carried out by Hacking Team. One SK Telecom user who was hacked last month may also have been staying in China.

“Even if you’re using a smartphone with overseas roaming, the domestic address remains for the IP assigned for the connection,” explained a source at one telecommunications company.

If the NIS did attempt hacking on a South Korean, it could constitute a violation of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., which prohibits “transmission or spreading of malware.” Even if the activities amounted to “monitoring” - as some in the ruling Saenuri Party have claimed - a warrant, or at the very least an after-the-fact report to a court, would be required for any South Korean national.

“This could be viewed as a violation of the Information and Communications Promotion Act, and if messaging or telephone conversations were monitored or recorded in real time they could also be charged with violating the Protection of Communication Secrets Act,” said Sogang University law professor Lee Ho-jung.

The NIS continues to maintain that the program was used, in the words of Lee Byung-ho, only to “collect intelligence on North Korea.” It remains unclear whether the information found in the Hacking Team data relates to possible cases involving actual espionage. The Hacking Team server records only prove that the company was contacted by someone in South Korea; only the provider can verify who the actual user was.

When asked by the Hankyoreh to confirm the IP information, the companies replied that the information was private and could not be confirmed without a warrant from an investigative agency.

“There obviously is the possibility of NIS monitoring, with the confirmation of a South Korean IP address,” said an attorney and former prosecutor. “This is a matter that needs to be investigated by prosecutors.”

 

By Kim Oi-hyun, Seo Young-ji, Cho Seung-hyun and Bang Jun-ho, staff reporters

 

Please direct questions or comments to [english@hani.co.kr]

 
