Two South Koreans were arrested on charges of stealing military secrets on behalf of a suspected North Korean spy agent in return for cryptocurrency.
According to the police on April 28, the two were arrested earlier this month and face criminal charges of breaking the South Korean National Security Act.
A 29-year-old South Korean military officer was recruited by a North Korean hacker he was introduced to by his college classmate, who is a civilian, around March 2020. The officer began by taking pictures of the Army’s security protocols and main pages of the military’s intranet homepage in November last year. He sent those photos to a North Korean spy using the Telegram messenger application. Since then, the officer continued to leak classified military data by taking pictures with his smartphone and was paid about 48 million won ($37,700) in Bitcoin cryptocurrency by the North Korean spy.
A 38-year-old executive at a cryptocurrency company met the agent through an online cryptocurrency community six years ago. He was paid $600,000 in cryptocurrency through February last year. In July last year, he received an order to recruit an active military officer who can access military secrets but failed to recruit one at that time.
The two suspects began their conspiracy in January. The North Korean agent gave orders to them separately through Telegram. The two did not know of each other’s specific roles but they were both ordered to work on hacking into the South Korean military’s command communication system, the Korean Joint Command and Control System (KJCCS). They used the automatic conversation delete feature provided by Telegram, according to the police.
The military investigation team received information regarding the hacking attempt in January and gave the information to the police for the joint investigation.
According to the police, the two suspects attempted to hack into military secrets from January to March this year. The 38-year-old man purchased a spy camera watch and sent it to the officer. The man also purchased parts to make a USB hacking tool and assembled it on his own. He connected the USB to his laptop, which allowed the North Korean spy to remotely access his computer from overseas.
The military officer brought the spy camera watch inside the military base and provided military data such as KJCCS login information to the North Korean spy and the cryptocurrency executive. However, the police said that hacking into the communication system itself failed.
“This is the first espionage case by an active serviceman who was recruited by a North Korean hacker,” said the Ministry of Defense’s prosecution office. “If the network used by the military was hacked, many military secrets could have been leaked, causing a grave threat to national security,” the office said. “However, we were able to prevent that by investigating closely with the police.”
The police also released a statement, saying, “if the hacking tool was delivered completely, military secrets could have been leaked through the KJCCS. We will take the most severe measures against crimes that threaten national security.”
The police said that they suspect that the agent is from North Korea after assessing how he phrased his Telegram messages. “The identity of the North Korean spy is not clear but we think the person is a North Korean agent when considering how he operated. However, it is difficult to track down agents in general.”
According to the media, the military officer told the investigative agency that he committed the crime due to his debt caused by online gambling. He reportedly accepted the recruitment offer from the North Korean agent in return for financial assistance in cryptocurrency.
On April 28, the Hankook Ilbo newspaper exclusively reported that information stored in the command communication system controlled by U.S.-ROK combined forces was leaked to the enemy.
The classified system called CENTRIXS-K is stored at the underground bunker in the headquarters of the military command located in Yongsan, central Seoul. According to the report, the police transferred a man surnamed Lee, who works at a company that manages the military communication system, to the prosecution on April 11 for violating the National Security Act. Lee faces charges of hacking military secrets after accessing CENTRIXS-K. The military investigation agency also arrested a military official who aided Lee’s espionage in exchange for 30 million won ($23,557).
The CENTRIX-K is technically operated by U.S.-ROK combined forces, but the South Korean military has limited access to the server. The U.S forces unilaterally manage the maintenance of the server.
The police charged Lee with multiple crimes under the National Security Act, suggesting that his crimes were on the order of North Korea. The police analyzed Lee’s smartphone and smartwatch to find out that he was in contact with the North Korean agent.
