With a top Senate Republican warning that US leadership is edging us toward World War III, it’ll bring no one comfort to learn South Korean authorities believe that hackers working for the government of North Korea managed to steal highly-classified documents that included wartime contingency plans that were drawn up in 2015.
Speaking with local media, Rhee Cheol-hee, a South Korean lawmaker and a member of the South Korean Parliament’s National Defense Committee, said that a 2016 breach of his country’s Defense Ministry’s intranet was much worse than previously announced. Mr. Rhee claims to have obtained the information from the Defense Ministry after filing a freedom of information request. The documents show that authorities believe the hackers managed to obtain 235 GB of data but only listed the contents of 53 GB or 10,700 documents. From the report:
They include OPLAN 5015, the newest war plan that Seoul and Washington have worked on; OPLAN 3100 for a response against commando infiltration or a local provocation; and a contingency plan for the Special Warfare Command in the event of a sudden change in the North or in response to a major provocation.
According to the New York Times, Operations Plan 5015 is known as the “decapitation” plan and outlines the steps that would be necessary for effecting regime change in the north. Considering that experts say North Korean dictator Kim Jong-un has ramped up his quest to develop a nuclear weapon primarily because of his desire to deter regime change, it seems safe to say that having these documents only fueled his resolve. Last month, North Korea carried out its sixth and most powerful test of a nuclear weapon.
In major cybersecurity breaches, North Korea tends to be one of the first suspects, along with Russia and China, but it’s difficult to definitively pin blame when hackers are good at what they do. In 2014, US officials did blame the hack of Sony Pictures on the North Korean government. Specifically, it’s believed that the cybercrime outfit known as the Lazarus Group attacked Sony on behalf of the North Koreans. That group is one of several elite outfits, including Bluenoroff and Andariel, that have been linked to the dictator’s regime. But security researchers have believed for some time that these hackers were mostly after fast cash rather than espionage. That pattern seems to have come to an end, according to the Times:
In the attack in September last year, later code-named “Desert Wolf” by anti-hacking security officials, North Korean hackers infected 3,200 computers, including 700 connected to the South Korean military’s internal network, which is normally cut off from the internet. The attack even affected a computer used by the defense minister....
[Investigators] said the hackers operated out of IP addresses originating in Shenyang, a city in northeast China that had long been cited as an operating ground for North Korean hackers.
It’s a sobering reminder to the Trump administration that cyberwarfare can, at least in part, level the playing field among feuding countries. In order to build a top-notch hacking operation, a country doesn’t need to acquire rare, prohibited materials as it would to build a nuclear device. And US cyber operations have frequently been embarrassed in high-profile ways recently. A long-in-the-works cyber deterrence plan from the Department of Defense has been repeatedly delayed. And just in the last month, it’s come to light that the NSA experienced “one of the most significant security breaches in recent years.” The very same day, officials admitted that White House Chief of Staff John Kelly’s personal cell phone had been compromised for months.
That doesn’t mean that the US isn’t also conducting its own cyber-operations against the North Koreans. Last week, The Washington Post reported that US Cyber Command has been carrying out attacks on North Korea’s Reconnaissance General Bureau. But as Wired points out, it’s difficult to say how effective these operations can be. Just slowing down the regime’s systems on a temporary basis is certainly realistic, but pulling off an attack like the Stuxnet virus that sabotaged Iran’s nuclear capabilities is more difficult because of North Korea’s limited connection to the wider internet—meaning it’s more difficult for us to get in. The country’s reliance on a local intranet and its use of offensive hacks from outside the country give it a particular advantage in cyberwarfare.
The US may have a tremendous advantage in brute force military capabilities and allied power, but it better be sure the systems that command that weaponry are perfectly secured if it’s going to do all this cocky sabre-rattling.