The NIS’s sloppiness shows really why it won’t disclose log files

Posted on : 2015-07-31 14:50 KST Modified on : 2019-10-19 20:29 KST
Spy agency claiming it needs to keep secrets because of N. Korea, but past activities show casual breaches of its own security

The National Intelligence Service (NIS) is claiming a “threat to North Korea intelligence capabilities” as its reason for denying opposition and media demands to disclose log files and other information in response to allegations of civilian monitoring with a remote control system (RCS) hacking program. Its argument is that such a disclosure would reveal the nature and capacities of its activities, which are considered a state secret.

But the revelations contained in a batch of recently leaked documents show incompetence and sloppiness that are inconsistent with an intelligence organization where security is paramount.

The chief issue for many is the fact that the NIS turned to an overseas business to obtain a hacking program for use in various intelligence activities. The company that sold the RCS, Italy’s Hacking Team, has its own servers that would allow it to look in on much of the NIS’s methods and monitoring targets.

“You can make a hacking program with basic technology. That isn’t difficult at all,” said one computer engineering professor on condition of anonymity.

“It looks like the NIS chose a foreign company because it could trust it with periodic updates and then argue that it was impossible to investigate if the hacking was discovered, but it’s also very dangerous because it could end up exposing its activities,” the professor added.

Indeed, emails exchanged between Hacking Team employees on Apr. 20, 2013, show the Italian company was capable of viewing the number and size of hacking data files from the NIS. This would have left the company holding vital information that would allow it to see the general nature of NIS intelligence activities. The danger to those activities if that information had been supplied to another intelligence agency or North Korea would have been incalculable.

The NIS itself also exposed information about its targets to various people at Hacking Team. In a Jan. 2014 email to the company, the agency wrote that it had “some targets in China” and inquired about whether Hacking Team had any response to the 360 vaccine, a commonly used program in China. It also exposed target information in various “bait files” that it asked Hacking Team to produce. Its actions included sending Hacking Team pages on the Middle East Respiratory Syndrome (MERS) and Chinese adult sites it claimed to be planning to use as “actual targets,” and asking Hacking Team to plant spyware on blogs for cherry blossom viewing and restaurants serving tteokbokki, a popular rice cake snack.

The NIS remained aware of the risks of its interactions, but declined to use even basic security. It had previously responded indignantly when an IP address used by the agency was exposed during a tracking of Hacking Team activity by the University of Toronto non-profit research team Citizen Lab in Feb. 2014. But the emails exchanged with Hacking Team were unencrypted, and passwords for attached documents were included in some of the messages.

 

By Kwon Oh-sung and Bang Jun-ho, staff reporters

 
