SEOUL, South Korea – South Korea’s military said Friday it was investigating a hacking attack that netted secret defense plans with the United States and may have been carried out by North Korea.
The suspected hacking occurred late last month when a South Korean officer failed to remove a USB device when he switched a military computer from a restricted-access intranet to the Internet, Defense Ministry spokesman Won Tae-jae said.
The USB device contained a summary of plans for military operations by South Korean and U.S. troops in case of war on the Korean peninsula. Won said the stolen document was not a full text of the operational plans, but an 11-page file used to brief military officials. He said it did not contain critical information.
Won said authorities have not ruled out the possibility that Pyongyang may have been involved in the hacking attack by using a Chinese IP address — the Web equivalent of a street address or phone number.
The Chosun Ilbo newspaper reported, citing the January edition of its sister magazine Monthly Chosun, that hackers used a Chinese IP address and that North Korea is suspected of involvement. The Monthly Chosun cited South Korea’s National Intelligence Service and Defense Security Command.
Yonhap news agency also reported the hackers used a Chinese IP address. It said the North’s involvement was not immediately confirmed, also citing military officials it did not identify.
Officials at the NIS — South Korea’s main spy agency — were not immediately available for comment.
The U.S. stations 28,500 troops in South Korea to deter any potential North Korean aggression. The two Koreas have remained technically at war since the 1950-53 Korean War ended with an armistice, not a peace treaty.
“As a matter of policy, we do not comment on operational planning or intelligence matters, nor would we confirm details pertaining to any security investigation,” said David Oten, a spokesman for the U.S. military in Seoul.
The latest case came months after hackers launched high-profile cyberattacks that caused Web outages on prominent government-run sites in the U.S. and South Korea. Affected sites include those of the White House and the South’s presidential Blue House.
The IP address that triggered the Web attacks in July was traced back to North Korea’s Ministry of Post and Telecommunications, the chief of South Korean’s main spy agency reportedly told lawmakers, noting the ministry leased the IP address from China. The spy agency declined to confirm those reports at the time.
South Korean media reported at the time that North Korea runs an Internet warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service, and the regime has between 500 and 1,000 hacking specialists.
North Korea, one of the world’s most secretive countries, is believed to have a keen interest in information technology, while tightly controlling access for ordinary citizens.