While the world followed the strange saga of the hacking operation against Sony Pictures, allegedly carried out by North Korea in response to a film depicting the assassination of Kim Jong-un, a separate cyber security breach unfolded in South Korea. South Korea’s nuclear plant operator, the Korea Hydro and Nuclear Power Co. Ltd. (KHNP), said on Monday that its computer systems had been hacked, with “non-critical” data (including the personal information of 10,000 employees as well as designs for two reactors) stolen and leaked online by the attackers. The incident raised major concerns about the ability of South Korean infrastructure to withstand cyber attacks – especially given the attractiveness of this asymmetric capability for Pyongyang.
Though Seoul and KHNP were adamant that the hack did not threaten the operations of South Korea’s nuclear power plants, the incident has prompted soul-searching over cyber security. President Park Geun-hye herself called the security lapse “unacceptable.” “Nuclear power plants are first-class security installations that directly impact the safety of the people,” Park told her cabinet, according to The Guardian.
South Korea’s government is investigating the attack on KHNP. Messages posted on Twitter by a user claiming responsibility for the attack demanded that three nuclear power plants be shut down; the authenticity of the messages could not be verified. So far Seoul has not officially accused Pyongyang of being responsible for the hacking, but government officials say the activity originated from Shenyang, a Chinese city near the North Korean border, believed to be an operations base for North Korean cyber experts. Given that, Justice Minister Hwang Kyo-ahn told the Korea Times, “We aren’t ruling out the possibility that North Korea was behind the latest hacking attack.” South Korea previously blamed Pyongyang for a series of cyber attacks on banks and media outlets in 2013.
Given that the attack was traced to a Chinese IP address, Seoul is seeking cooperation from Beijing in its investigation. A senior official from the Supreme Prosecutor’s Office told the Korea Times that Seoul was already “closely cooperating” with both China and the U.S. in its investigation. A South Korean official told Reuters that South Korea was specifically seeking China’s help in physically investigating the location of the IP addresses involved in the attack. “There is a possibility that the IP addresses in China are not the final source but used in a routing,” the official explained.
In the wake of the Sony hacks, the U.S. has also publicly called for Chinese help in preventing North Korean cyber attacks, to little avail thus far. But there may be more hope for China-South Korean cooperation on this front. Cyber security issues are a fraught topic in the U.S.-China relationship right now. There’s not even a dedicated platform for discussing them, as China called off its participation in the cyber working group to protest U.S. legal action against alleged hacking activity by PLA officers. However, the cyber question is far less weighted for China and South Korea, making discussions more feasible. Plus, Beijing and Seoul are in the midst of a warm period of relations, meaning China will be more likely to cooperate if South Korea makes it clear the investigation is a top priority.
Still, Beijing is not about to “abandon” Pyongyang either – despite actively seeking closer ties with South Korea, a stable relationship with the North remains a foreign policy must for China. Beijing is far more likely to call the result of any investigation inconclusive than to point the finger at North Korea’s government.
Chinese Foreign Ministry spokesperson Hua Chunying said she was “not aware of the specifics” of a South Korean request for cooperation on the investigation. She reiterated, however, that China “is firmly against all forms of hacking activities… We are ready to carry out constructive dialogue and cooperation with all countries to rise up to this challenge.”