Korea-U.S. Defense C4I Compromised, South Korean Captain and a Defense Contractor Arrested for Spying for North Korea

Last modified date: 2022-5-3, Tara O

A South Korean military officer and a defense contractor for IT systems were arrested for spying for North Korea in return for payments in cryptocurrency. They compromised CENTRIXS-K, a U.S.-Republic of Korea (ROK) Command, Control, Computer, and Intelligence (C4I) system, which was located in the bunker of the Ministry of National Defense (MND). According to information released on April 28, 2022, by the National Investigation Headquarters’ Security Investigation Bureau, the police arrested Mr. Lee, an employee of a defense network maintenance contractor, on April 11, 2022, for violating Articles 4 (Fulfilling the Purpose) and 8 (Meeting, Communication, etc.) of the National Security Act. Also arrested was a military captain on suspicion of violating the Military Secrets Protection Act.

The police assessed that they were recruited by a North Korean espionage agent. Mr. Lee, who is in his mid-30s, was a captain in the military and later became a contractor for defense system maintenance. The North Korean agent recruited Lee through social media and sent him an order over Telegram to carry out. According to former MND spokesperson Kim Min-seok (김민석), around July 2021, the North Korean agent instructed Lee to recruit an active-duty military officer who could access military secrets, and the captain was recruited. (2:00) On the agent’s orders in January this year, Lee obtained a specialized watch with a hidden camera and listening device and mailed it to the captain for spying purposes. (2:48)

A spy watch sent at the order of a North Korean espionage agent

Between January and March 2022, the captain hacked KJCCS (Korean Joint Command and Control System), a classified ROK system, by inserting a tainted USB stick, potentially a poison tap. (3:28) A poison tap connects to the USB port, but instead of announcing itself as a USB stick, it pretends to be an Ethernet interface. This creates a backdoor for remotely accessing and manipulating the data on the computer network. A virus could also be inserted via the USB stick. Both hacking and providing intelligence to North Korea are gravely damaging to the national security of the Republic of Korea as well as that of the U.S.
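The following is an added example, not part of the original article: a defender-side check for the behavior described above, a plugged-in "stick" that enumerates as a network adapter rather than as storage. It assumes a Linux host exposing USB descriptors under /sys/bus/usb/devices; the function names and the vid:pid values in the sample are constructed for illustration.

```python
from pathlib import Path

# USB (class, subclass, protocol) triples for network adapters; None = any.
NETWORK_FUNCTIONS = [
    (0x02, 0x06, None, "CDC Ethernet (ECM)"),
    (0x02, 0x0D, None, "CDC NCM"),
    (0x02, 0x02, 0xFF, "RNDIS (legacy)"),
    (0xE0, 0x01, 0x03, "RNDIS"),
    (0xEF, 0x04, 0x01, "RNDIS over Ethernet"),
]

def network_kind(cls, sub, proto):
    """Return a label if the interface triple is a USB network function."""
    for c, s, p, label in NETWORK_FUNCTIONS:
        if (cls, sub) == (c, s) and p in (None, proto):
            return label
    return None

def flag_devices(interfaces, allowed_ids=frozenset()):
    """Return (device, vid:pid, label) for network functions not allow-listed."""
    hits = {(dev, vidpid, label)
            for dev, vidpid, cls, sub, proto in interfaces
            if (label := network_kind(cls, sub, proto))
            and vidpid.lower() not in allowed_ids}
    return sorted(hits)

def read_sysfs(root="/sys/bus/usb/devices"):
    """Collect interface triples from Linux sysfs (empty list elsewhere)."""
    out = []
    for intf in Path(root).glob("*:*"):
        dev = intf.resolve().parent  # owning USB device directory
        try:
            vidpid = ":".join((dev / f).read_text().strip()
                              for f in ("idVendor", "idProduct"))
            triple = [int((intf / f"bInterface{k}").read_text(), 16)
                      for k in ("Class", "SubClass", "Protocol")]
        except (OSError, ValueError):
            continue
        out.append((dev.name, vidpid, *triple))
    return out

# Constructed sample rows: (device, vid:pid, class, subclass, protocol).
SAMPLE = [
    ("1-1", "aaaa:0001", 0x08, 0x06, 0x50),  # mass storage, SCSI, bulk-only
    ("1-2", "aaaa:0002", 0xE0, 0x01, 0x03),  # RNDIS control interface
    ("1-2", "aaaa:0002", 0x0A, 0x00, 0x00),  # CDC data interface
]

if __name__ == "__main__":
    print(flag_devices(read_sysfs() or SAMPLE))
```

On a workstation that should only ever see keyboards and approved storage, any hit is worth an alert; the allow-list exists for sanctioned docking stations or USB Ethernet adapters.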

The North Korean agent paid in bitcoin. Lee was paid ₩700,000,000 (~$600,000) and the active-duty captain who helped Lee was paid ₩48,000,000 (~$40,000). Lee provided mainly personnel information to North Korea, which allows North Korea to target those personnel for further exploitation. The captain previously was part of an elite “Special Mission Brigade” that targeted North Korean leadership, which was created under the Park Geun-hye administration.

The North Korean agent paid Lee ₩700 million (~$600,000) and the captain ₩48,000,000 (~$40,000) in bitcoin.

Kim Kuk-sung (김국성), formerly a senior colonel in North Korea’s General Reconnaissance Bureau (북한 정찰총국) and a close associate of Jang Song-thaek (Kim Jong-un’s uncle), stated that it is not just this one captain (one person), but many more; he asserted that the North Korean records indicate 120,000 spies in South Korea in important government organizations, including the Blue House, the National Assembly, National Intelligence Service, Ministry of Defense, and Korea Institute of Defense Analyses. (0:59)

Don’t destroy counterintelligence capability any further

This doesn’t bode well.  Spying is a serious problem in South Korea, despite the public being led to believe that there are no spies in modern Korea, with the pejorative saying of “are there spies anymore?”  While the police should be praised for arresting the spies, catching 1 or 2 spies is not a comfort, if there are 120,000 spies infiltrated throughout the government.  There needs to be better leadership and greater emphasis on this issue.  

A good start is not breaking what already works or worked. The Democratic Party of Korea (Deobureo Minjoo Party) is trying to abolish the National Security Act and has already taken away the counterintelligence investigative authority of the National Intelligence Service and dissolved the ROK military’s Defense Security Command. These efforts, which have created a thriving atmosphere for North Korean agents and spies, need to be reversed.

Restore military morale

South Korean military morale has been sapped under the Moon administration. The ROK MND was not allowed to call North Korea its “main enemy” anymore, and that was reflected in military training not only by removing the term, but by portraying North Korea as benign, despite its numerous missile and nuclear tests and other provocations, including the attacks on the ROK Navy ship Cheonan. The military’s readiness also was severely degraded. A key example is the canceling or downsizing of the various combined U.S.-ROK military exercises. Another example is the 2018 Military Agreement’s restrictions, unilaterally placed on South Korea, which prevent military training of various units in the West Sea. Yet another case is the establishment of a no-fly zone that significantly affected the ROK and the U.S. military, while having no or hardly any impact on the North Korean military. Taking away or de-emphasizing the purpose of the military’s existence and positively portraying North Korea despite its hostile acts and words against the ROK are not good for morale. Without a sense of purpose, it appears even an elite officer was relatively easily recruited.
