Control system drawings and other materials hacked…leaked documents exposed on a blog for a long time

It was confirmed that a large quantity of confidential material, including the control system drawings of the major nuclear power plants (NPPs) in Korea, was hacked, putting the national power security system on emergency alert. The leaked materials were exposed for a long time on a blog opened by the hacker, and some raised the possibility of a serious incident that may threaten the national infrastructure. In particular, it was pointed out that a whopping 1,843 attempts have been made to hack domestic NPPs from 2010 till recently, and concerns are growing because this hacking occurred after measures to strengthen the cyber security of NPPs were demanded last October during the parliamentary inspection of the administration.

According to information Electronic Times obtained exclusively on December 18, the program for off-site radiological dose assessment around nuclear power plants, the design drawings of the Kori and Wolsong NPPs, and the schematic diagrams of major systems were hacked, and the hacker disclosed these materials on the Internet in a blog opened on December 15.

The disclosed files include the design drawings and parts of the Kori NPP, the schematic diagram of the Wolsong NPP, the program for off-site radiological dose assessment around the Kori NPP, and the personal information of all employees of KHNP (Korea Hydro & Nuclear Power) power plants. All materials are internal documents that were created as official KHNP documents.

A KHNP insider said of this, “In consideration of the seriousness of this incident, we asked the investigative agency to investigate at 18:00 on December 18.”

The blog in question is now shut down. The problem is that a number of Internet users accessed this blog until KHNP requested the investigation. If hostile countries or terrorists viewed or downloaded the materials disclosed by the hacker, it could lead to a serious terrorist attack, sending a shockwave throughout the country. Also, because the hacker made hard copies of these materials, the possibility of their leaking to the outside after the shutdown of the blog is very high.

The leaked documents contained content signed by KHNP employees. All of them are JPG files. When the hacker stole the originals and converted them into image files, he/she inserted the phrase ‘Who am I’. The same phrase was included in the malicious code that the security industry recently had a hard time responding to.

“Looking at the phrases found in the blog, they contained some expressions used in North Korea,” said a security industry insider. “It is possible that North Korea may be behind the hacking and disclosure of key NPP materials.”

Earlier, at the end of November, an APT (advanced persistent threat) attack against NPPs in Korea was detected, and the authorities were placed on high alert. The attacker sent a Korean file titled ‘Control program’ to the persons in charge of safety at major power plants. This document was a technical document that contained the detailed information necessary for NPP operations. At first glance, it was difficult to know that malicious code was hidden in the document. Experts analyzed the document and found that it contained malicious code that could damage key file extensions and the master boot record (MBR), making the PCs useless, as well as a backdoor that covertly steals various kinds of information.

The hacker who disclosed the KHNP documents was bold enough to call him/herself the ‘head of the Korean branch of an anti-NPP group.’ The hacker warned in the blog that the malicious code he/she sent previously is just the beginning, and that he/she might paralyze NPPs.

“According to the result of analyzing the characteristics of the blog, the culprit is well aware of the recent APT attack,” said another security expert. “As the threat of large-scale cyber terrorism is mounting, we must promptly respond to it together with relevant authorities.”

Coincidentally, James Lewis, a researcher at the Center for Strategic & International Studies (CSIS), said on December 18 at a meeting held by 38 North, a website specializing in North Korea, “North Korea is likely to stage a large-scale cyber attack with a new cyber weapon like Stuxnet to destroy major infrastructures.”

With North Korea constantly looking to attack key infrastructure such as NPPs, it would lead to a large disaster if the above-mentioned materials were actually hacked. Preventive measures are therefore urgently needed.

Kim In-soon | insoon@etnews.com
