Hacker Releases More South Korean Nuclear Data

Nuclear operator insists leaked secrets, including blueprints of reactor, are not ‘classified material’

Korea Hydro and Nuclear Power Co (KHNP), which operates South Korea’s nuclear power plants, has sought to reassure the public after a hacker released more files concerning its facilities.

KHNP is part of state-run utility Korea Electric Power Corp, and operates all 23 of the nuclear power plants located in South Korea.

Blackmail

Hacker, programmer, cyber crime, keyboard, computer © scyther5, Shutterstock 2014A hacker claiming to be the “president of the anti-nuclear reactor group” first managed to hack into the systems of a nuclear power plant in South Korea back in December.

A computer worm was later discovered in a device connected to the control system, but KHNP insisted that the breach had not reached the reactor controls itself.

The hacker had demanded the closure of three reactors by Christmas, and said that if they were not shut down by the deadline people should “stay away” from them. He has previously released blueprints of nuclear reactors on social networks, and well as other data such as plant air conditioning and cooling systems, a radiation exposure report and personal data of employees.

And now according to Reuters, the hacker has released more data, but a KHNP official said the data  was from the December hack, and not a fresh security breach.

On Thursday the hacker used Twitter to post more files online, and included a demand for money and an email address he could be contacted. The hacker also claimed that there have been offers from other countries to buy data related to nuclear power plants.

“We don’t know how they were leaked but one thing for sure is that there has been no attack from anti-nuclear groups since December,” an official at Korea Hydro and Nuclear Power Co Ltd, told Reuters, referring to the newly posted files.

KHNP has said that all of the documents were unclassified, as was the material leaked in December.

Critical Infrastructure

The potential risk to systems controlling critical infrastructure and industrial systems remains a worry for many governments and authorities around the world.

The dangers to infrastructure was first revealed to the world years ago when the malware known as Stuxnet, caused damage to nearly 3,000 centrifuges in the Natanz facility in Iran. A German steelworks also suffered “massive damage” after a cyber attack on its computer network in late December.

Researchers have previously warned that security weaknesses in industrial control systems could allow hackers to create cataclysmic failures in infrastructure.

For example the United States has passed legislation that would protect its electricity grid from attacks. The GRID Act would direct the FERC (Federal Energy Regulatory Commission) to take measures to protect the electricity grid from telecommunications intrusions.

Are you a security pro? Try our quiz!