Hackers Uploaded a Worm to South Korean Nuclear Plants


Here's a scary thing that happened: South Korean authorities found evidence that a worm was recently removed from devices connected to nuclear power facilities. The news comes a little over a week after the country's nuclear plant operator received warnings on Twitter that its network had been compromised. Thankfully, the reactor controls were not infected.


The specific details of the low-risk worm remain unclear. South Korea's Energy Ministry says that the malware probably ended up on the nuclear power facilities through an unauthorized USB device. The reactor controls of Korea Hydro and Nuclear Power (KHNP), the state-run utility affected, are not connected to any external networks. However, somewhat surprisingly, Energy Minister Yoon Sang-jick told parliament that the worm was not connected to the other hacking incidents, a claim that "[drew] skepticism from some lawmakers," according to Reuters. Either way, the worm and the hacks do not reflect well on the state of South Korea's cybersecurity.

This is an especially worrisome attack in South Korea, since a third of the country's power comes from nuclear reactors. Authorities have not ruled out the possibility that North Korea is to blame, and KHNP is beefing up its cybersecurity staff from 53 to 70. That still seems like a small number of people to guard 23 nuclear reactors, huh? [Reuters]

Image via Getty


See all these old school switches, buttons, and dials? These are what control the plant. They are old school analog switches/buttons/etc and they are hard wired to the individual piece of equipment that they are controlling. That's how nuclear plants are operated. I don't know of any commercial reactor that utilizes software in any actual safety related control capacity, partly for this very reason (and partly because even without hackers, old school analog hardware is way more reliable than new school software). The last thing anyone wants is a bug in the system, or a hacker, to prevent some action from being taken that would ensure the safety of the station and its surroundings, so the operators avoid the possibility entirely.

These viruses aren't any more danger to the station or the public than a virus at an advertising firm somewhere in LA. A bunch of people will be without functioning desktop computers for a few days while everything is getting fixed, but the station will keep on humming along like nothing happened, and with no effect on safety.