North Korea Hacks South Korea’s National Election Commission

Last modified date

2023-5-11, Tara O

South Korea’s National Election Commission (중앙선거관리위원회) has been cyber attacked 8 times in the past 2 years, 7 of which are believed to have been conducted by “Lazarus Group” a hacking organization which is linked to North Korea’s General Reconnaissance Bureau (북한 정찰 총국).  Lazarus Group gained notoriety after its hacking of Sony Pictures in 2014 in the U.S. after the studio produced a satire movie about Kim Jong-un, again in 2016 for stealing $81 million after it cyber attacked Bangladesh’s central bank, and again in 2017 for infecting Windows computers with its WannaCry ransomware, encrypting files so the owners cannot access them, and then demanding ransom payment in Bitcoin to decrypt the files.

On April 18, 2023, South Korea’s National police said Lazarus Group had spread malicious code to 207 computers in 61 government institutions since November 2022.  One of the institutions hacked was the National Election Commission (NEC).

The National Intelligence Service (NIS) reached out to the NEC to inform them about the hacking, but the NEC did not reply.  Without reviewing NEC’s systems, the NIS could not determine the extent of the hacking penetration or devise security measures.  South Korea’s Ministry of Public Administration and Security (행정안전부) and the National Intelligence Service each recommended that the NEC receive security consulting, but strangely, the NEC refused

In late March 2023, the NIS contacted the NEC to offer to conduct a security audit of NEC’s IT system,  but the election commission refused assistance, stating “it is not a legal obligation” and “there is political controversy.”  The NEC also rejected the alternative of receiving a security audit while the governing election commission officials are present.

On May 3, 2023, when asked about the hacking, a NEC official claimed the NEC completely blocked all attempted hacking by email, stating, “Hacking e-mail attempts have been detected, but all of them have been blocked by our own control system 24 hours a day.”  The NEC did not mention other types of hacking. 

The NEC official also denied being notified of the cyber attacks, stating “We have not been notified of North Korea’s hacking by the NIS.”  The official made it clear that it did not want any other government agency to review its IT system, citing its “independence as a constitutional organ” and a potential for “political controversy.”  Many netizens found this claim absurd, as reflected in some of the comments below.

It turned out that the NEC’s claim that it was not notified by the NIS regarding the cyber attacks was false.  Yoo Sang-beom (유상범), People Power Party, held a hearing on March 4, 2023 at the National Assembly.  In response to Assemblyman Yoo’s questions, the NIS representative said, “In the past two years, through 8 emails & phone calls, the NIS notified the NEC about cyber attacks such as hacking emails and malware infections, 7 of which were attacks from North Korea’s Reconnaissance General Bureau, and [the NIS] sent information necessary for countermeasures, such as the date and time of the attacks, IP address, etc.” and provided further details contained in the notifications.

The NEC official also claimed that it is impossible to hack the electronic vote counting machines that the NEC uses for elections in Korea.  The South Korean company that makes the electronic voting and vote-counting machines used in Korea exports the machines to other countries, and the exports of these machines are promoted by the National Election Commission. 

When asked about the hacking attempts on the Korean-made electronic voting machines used in Iraq, the NEC official said “Although the equipment is made by the same company, the Iraqi equipment can transmit information, while the voting equipment used by the NEC cannot transmit information, so there is no possibility of a hacking attempt.”

The NEC official’s claim that the voting equipment used in Korea is not able to transmit information is also false.  NEC chose a wifi company that uses Huawei equipment to provide internet and wifi to voting sites for handling the pre-vote ballots, which is unsecure.  The voting equipment also has multiple USB ports, which means it has the capability for connectivity with thumb drives, phone cables, keyboards, or computer mice for transmitting and receiving information.

The National Election Commission refused audit or review by any other government agencies in the past.  On August 12, 2022, the NEC refused to provide information to or be audited by the Board of Audit and Inspection (which audits other government agencies), stating “since the Election Commission is an independent body under the Constitution, it is difficult to be subject to the auditor’s inspection.”  The NEC is a government agency funded by taxpayers, and as such the citizens have the right to ensure that their funds are used properly by the NEC.

On March 3, 2023, members of the People Power Party’s Executive Committee issued a statement stating, “The irresponsible behavior of the National Election Commission, which is neglecting to take measures against a serious threat from North Korea, is absolutely unacceptable.”

In addition, various veterans’ groups representing veterans from the ROK Army, Navy, Air Force and Marines have issued a statement on May 11, 2023, calling for investigating the National Election Commission.  Separately, rallies were held in the Gwacheon complex (government office building complex, which includes the National Election Commission headquarters) on May 11, 2023 to denounce the NEC and to call for investigating the NEC for threatening national security (for refusing to have its hacked system reviewed).  The civic group plans to sue the NEC for dereliction of duty, according to former lawmaker Min Kyung-wook.

The below are partial online comments (1, 2, 3, 4) in response to the news of the NEC refusing to have the auditors or the NIS review its IT system after the hackings, including the cyber attacks by North Korea.  The public mistrust of the NEC is palpable.

  • They must be investigated and punished.
  • After the results of the April 15 [2020] general election counting, allegations of election fraud were strongly raised, but neither the Supreme Court nor the Election Commission showed a clear explanation or ruling on the matter. Seeing the NIS notification that North Korea hacked the National Election Commission, and that North Korea could have manipulated the results of the vote counting through hacking regardless of the actual votes, there is a strong suspicion that there are people within the NEC, who sympathize with or aid [North Korea]. This needs to be uncovered.
  • This is…a serious anti-state act that should be clearly investigated and severely punished. Since the NIS does not have investigative powers anyway [after the end of this year], the prosecutor’s office should investigate immediately~~~ After that, return the authority to investigate anti-state acts to the NIS~
  • With such a National Election Commission, the election is meaningless. It is a grave crime that is manipulated at will regardless of the will of the citizens. The evil people who sabotage liberal democracy must be destroyed.
  • In many countries in Europe, such as France and Germany, they emphasize the principle of manual counting of votes, and in nearby Taiwan, on-site manual counting is held at polling stations on the same day. This is because they know the harmful effects of electronic voting [and electronic vote counting], which is easy to hack and manipulate, and to prevent those harmful effects.   In recent years, in countries in Africa and South America, election fraud has been a problem due to electronic counting, resulting in large-scale protests close to revolution and punishment of those involved.  For the sake of fairness in voting, electronic voting and early voting should be abolished and changed to voting and counting the votes on the same day.  In addition, if the NEC’s computer network was hacked as reported, the problem should be revealed through a thorough security audit and investigation and the public should be informed of the truth.
  • The National Election Commission sign should be replaced with the National Election Manipulation Commission and hung or dismantled. It is a completely useless organization that only causes harm.
  • National Election Commission Chairman, who is appointed by a spy
  • It makes me suspect that the chairman of the National Election Commission, a leftist political judge, opened the NEC server to North Korea, so that North Korea could easily manipulate the election results in next year’s general elections. The NIS’ security capability is the best in the Republic of Korea.  Such a competent security office at the NIS notified the NEC of the North’s hacking and offered to look [at the system].  [The NECs] refusal of the proposal to inspect [the hacked system] can only be seen as the NEC’s attempt to allow North Korea to manipulate the election results collected in each constituency on the server in next year’s general elections. Prosecutors and the NIS will have to investigate the chairman of the NEC. It should also consider transferring the NEC to the Prime Minister’s Office.  The power of the NEC, the Anti-corruption and Civil  Rights Commission (권익위), and the Korea Communications Commission (방통위) has become too large.
  • The current NEC needs to be dismantled. The Democratic Party of Korea took control of it and now it colludes with North Korea? What good is voting? It would be ruined by manipulation!!! I don’t trust them. Either have another organization to monitor the National Election Commission at the time of counting votes, or disband it and have the Ministry of Administration and Safety manage it or create another organization.
  • Ah, the secret of 180 seats [the 3/5 majority for the Democratic Party of Korea from the April 15, 2020 elections; the 3/5 majority enables the Party to singlehandedly, without any other party’s support, pass any law it wants, except the Constitution].  If their seats exceed 100 next year, it would be the result of North Korea’s manipulation.
  • Don’t waste taxpayers’ money, just fire them all
  • Under these circumstances, can the citizens believe the election results announced by the National Election Commission in the future? This incident is a case of concealing a fraudulent election and finally festering~
  • Are they afraid that election fraud will be discovered?
  • The NEC must be thoroughly investigated.
  • The NEC should be audited by the Board of Auditors and investigated by the prosecutors.
  • NEC is pathetic. Viewing the [sophisticated] hacking by the North Korean Reconnaissance General Bureau as simple hacking. What a backward mindset. It’s lamentable.
  • If the NEC weren’t a group of liars, I don’t think they would go to lengths to avoid being investigated and audited.
  • The National Election Commission reigns over the country. Yoon Seok-yeol should immediately order an investigation into election fraud!!!!!!!!!!!!!!!!!!!!!!
  • What is the NEC, which is supposed to value neutrality and fairness, afraid of, avoiding inspection????  How many crimes have they committed….. Give the maximum sentence for bringing chaos to the state….. I hope they will thoroughly investigate….. Those who oppose should be sent to jail as the criminal ringleaders…. Let’s create a fair world.
  • The sovereignty of the citizens and the future of the country are at stake. Investigate the NEC!!!

_

Share