North Korean hackers allegedly stole classified military documents from a South Korean Defense Ministry database in September 2016, according to Rhee Cheol-hee, a member of South Korea’s National Assembly.
Rhee, who belongs to the ruling Democratic Party and sits on the Defense Committee, told CNN on Tuesday that he received information about the alleged hacking from the Defense Ministry.
He said the documents stolen included the South Korea-US wartime operational plan and a document that includes procedures to “decapitate” the North Korean leadership.
About 235 gigabytes worth of military data was stolen by the hackers, Rhee said.
When asked about Rhee’s comments by reporters at a daily press briefing on Tuesday, a spokesman from South Korea’s Defense Ministry declined to comment, saying the information is classified.
The Pentagon also declined to comment specifically on reports of the potential breach, but spokesman Col. Robert Manning said on Tuesday that the US is “confident in the security of our operations plans and our ability to deal with any threat from North Korea.”
“The operations plan that they are referring to is a bilateral plan, so the Republic of Korea-US alliance remains steadfast in their commitment to make sure they safeguard that information and ensure readiness on the Korean peninsula to counter any North Korean threats,” Manning said.
“I’m not going to address the specifics of that discussion but what I will tell you is that it is a ROK-US alliance commitment to make sure that they safeguard operations and plans,” he added.
Trump’s cryptic comments
Details of the alleged 2016 hack emerged as President Donald Trump continues to imply that diplomatic efforts to rein in North Korea’s nuclear and missile programs through negotiations have proven to be ineffective.
“Our country has been unsuccessfully dealing with North Korea for 25 years, giving billions of dollars & getting nothing. Policy didn’t work,” Trump tweeted on Monday.
In a pair of tweets sent Saturday afternoon, Trump said past agreements with North Korea have all been violated.
“Presidents and their administrations have been talking to North Korea for 25 years, agreements made and massive amounts of money paid … hasn’t worked, agreements violated before the ink was dry, makings fools of U.S. negotiators,” Trump wrote. “Sorry, but only one thing will work!”
Asked by reporters later Saturday about the tweet, Trump would only say: “You’ll figure that out pretty soon.”
But on Monday, Secretary of Defense James Mattis reiterated that diplomacy along with international economic sanctions against Pyongyang would remain the leading element of US strategy towards North Korea.
“It is right now a diplomatically led economic sanction buttressed effort to try and turn North Korea off this path,” Mattis said Monday during his opening remarks at the Association of the United States Army’s annual meeting in Washington.
But Mattis added that the military would continue to prepare options should diplomacy fail.
“We’ve got to be ready to ensure that there are military options that our President can employ if needed,” he said.
“Now what does the future hold? Neither you nor I could say,” Mattis said.
US Army Chief of Staff Gen. Mark Milley made clear Monday what a bind the US is in when it comes to solving the challenge of North Korea’s nuclear and missile programs, stating there are “no risk-free options” but said there is also not an “indefinite amount of time” to solve the crisis.
“A full-blown war on the Korean Peninsula will be horrific by any stretch of the imagination. No one has any doubts about that,” Milley told reporters.
North Korean-linked hackers
The US and South Korea have been aware of North Korea’s bold hacking operations for several years, linking Pyongyang to a series of sophisticated cyberattacks.
In 2013, when South Korea’s banks and broadcasters were attacked, that government blamed its neighbor to the north. In 2014, the US government blamed North Korea for the the hack on Sony Pictures.
And in April, North Korea was linked to attacks on banks in 18 countries after researchers connected hackers to an operation known as “Lazarus,” according to a report from Russian cybersecurity firm Kaspersky.
The stolen money was likely used to help advance North Korea’s development of nuclear weapons, Anthony Ruggiero, a senior fellow for Foundation for Defense of Democracies, told CNN at the time.
To hide their location, hackers typically launch cyberattacks from computer servers far from home. According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to set up that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea.
Kaspersky is one of the world’s top cybersecurity firms, providing popular anti-malware protection to computers at homes and companies worldwide. Its researchers are known for exposing some of the most complex global hacking operations. US law enforcement remains suspicious of the firm’s ties to the Russian government, but Kaspersky strongly denies Kremlin influence on the company’s business.