Pyongyang (GPA) – According to a South Korean lawmaker, the Democratic People’s Republic of Korea (DPRK) has stolen US and South Korean military plans.
South Korean parliament member Rhee Cheol-hee confirmed yesterday that the hack by the DPRK in September had hit South Korean defense systems. He also informed reporters that Pyongyang had made off with a large cache of classified documents.
Included in the stolen material is the US-South Korean ‘decapitation’ strategy. This is the military plan drafted by the two countries to immediately take out DPRK leader Kim Jong Un in the event of a war on the peninsula.
According to Rhee, he obtained this information directly from the defense minister, who, it was also revealed, was successfully targeted by the hack. The hack focused primarily on networks belonging to the South Korean military, which aren’t supposed to be connected to the internet.
The complete hack – about 235 gigabytes – includes a host of information, according to Rhee. This includes military plans for a peninsular war as well as essential sites in South Korea considered high-security priorities, such as power plants and military sites.
The hack – known by the code name “Desert Wolf” – was initially announced immediately after detection in September of last year, but at the time, South Korean leaders wouldn’t divulge what exactly was stolen. While it was later reported by some South Korean news agencies that the stolen data was likely military in nature, there was no clear picture of what that entailed until now.
Besides the ‘decapitation’ plan (known as Operational Plan 5015), another dossier was stolen, called Operational Plan 3100. OP 3100 is apparently a compilation of several contingency plans to deal with potential direct conflict situations that could occur on the peninsula.
The story of how the hack happened, according to US and South Korean officials, is that the Defense Ministry contracted a company in 2015 for computer anti-virus software that turned out to be from a company that had been hacked by the DPRK.
According to South Korean experts, the government wasn’t aware of this security breach at the cybersecurity firm until after everything was stolen. South Korea does, however, claim that they tracked the hackers who hit the corporation back to the northeastern Chinese city of Shenyang, which is allegedly a “base for DPRK hacking operations.”
The virus was loaded onto internet-connected computers at the Defense Ministry, which allegedly enabled the transfer of the virus to PCs that only operate on the Ministry’s closed network. Of course, none of this may be real, as South Korea has also acknowledged that the virus could have ended up on secure computers during a maintenance period in which they were “accidentally connected to the internet.”
The DPRK denies being behind the hack, and this second explanation could back that up since the internet is full of bad actors. Of course, if a non-state actor did steal this data and the DPRK purchased it, who could blame them?
James Carey is an organizer based in Detroit, Michigan, founder of Geopolitics Alert, and an experienced analyst on Middle Eastern affairs with a particular focus on Turkey. He also covers topics ranging from Latin America and Asia to Europe. You can also hear James in his weekly podcast, The Left is Dead, which he co-hosts with investigative journalist Jake Anderson.