Is South Korea's Intelligence Agency Spying on Its Own Citizens?


South Korea’s National Intelligence Service (NIS) is once again the object of unwanted attention. It is alleged, based on leaked information, that in 2012 the NIS purchased spyware from the Italian firm Hacking Team with the intent to spy on its own citizens by hacking Kakao Talk, an messaging app that allows users to text or call each other. Hacking Team, a Milan-based ICT company, sells “offensive intrusion and surveillance capabilities to governments, law enforcement agencies, and corporations,” according to one description.

States instinctively want to know more, because, as students learn in Foucault 101, there is immense power in knowledge. Through various state apparatuses, typically an intelligence or security organization, information is gathered under the guise of keeping citizens safe and free. Seen from the perspective of the state, it is both reasonable and expected that information will be culled, curated, and analyzed. But there is a line, and many feel the NIS has crossed it, again.

Recently leaked files, released following — ironically — a hack of Hacking Team, shows that South Korea’s “5163 Army Division” was among its foreign clients who had purchased Remote Control System (RCS) spyware. It is suspected the 5163 Army Division (no such division actually exists in South Korea’s army) is a name used by the NIS; the mailing address for the South Korea-based client “matches the address of the NIS civil service department,” according to the Korea Times.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

According to Hacking Team’s own description found in a document hosted by WikiLeaks, RCS is used as “a stealth, spyware-based system for attacking, infecting, and monitoring computers and smartphones. Full intelligence on target users for encrypted communications (Skype, PGP, secure web mail, etc.).”

One particularly troubling document, an email exchange from March 2014 between employees of Hacking Team, shows that the South Korean client, referred to as “SKA” (re: South Korean Army), was interested in “the progress of Kakao Talk,” implying an intention to use RCS to spy on Kakao Talk users. The document also shows SKA was, at the time, considering “the possibility of relocating their deployment overseas to prevent any future linkage between RCS and their country.”

Hacking Team has come under scrutiny after reports from the University of Toronto’s Citizen Lab accused the firm of selling spyware to illiberal governments. Specifically, Citizen Lab has discovered RCS spyware being used by, they suspect, the Ethiopian Information Network Security Agency to spy on journalists at the Ethiopian Satellite Television Service (ESAT) in the United States. This accusation, and more general concerns, are outlined in an open letter penned by Professor Ronald Deibert, director of Citizen Lab, to Hacking Team.

The NIS has denied using RCS to spy on its own citizens, according to sources, but refuses, on security grounds, to release the relevant log files. The relevant files were maintained by a now-deceased NIS agent, surnamed Lim. The agent took his own life earlier this month, apparently overcome by the brewing controversy. The suicide note left by Lim rejects the claim that South Korea was spying on its own citizens. The agent also indicated that he had deleted materials, acquired using the RCS spyware, related to North Korea. The NIS has since recovered the deleted files and claims that only “North Korean targets or terrorist suspects” were targeted.

In the meantime, the opposition New Politics Alliance for Democracy (NPAD) and ruling Saenuri Party have drawn battle lines. NPAD has taken to the offensive, with party members calling for the NIS to disclose its log files. On Thursday, NPAD co-hosted a seminar to discuss illegal surveillance and the allegations leveled at the NIS; Citizen Lab participated in the seminar via webcast.

The ruling party, meanwhile, has been providing cover for the NIS, insisting that its own internal review, which concluded that the agency never intended to spy on South Korean citizens, is sufficient. Saenuri’s position on the matter is in line with NIS: forcing South Korea’s intelligence organization to open relevant logs may reveal sensitive information about North Korea, ergo dealing a blow to South Korea’s national and cyber security. Opposition members, likening Saenuri’s position to religious belief, want a panel of civilian experts to join legislators in a more thorough investigation of the NIS’s spying activities.

Sign up for our weekly newsletter
The Diplomat Brief