North Korean refugees are at the center of massive data leak
North Korean refugees feel terrorized by Kim Jong-un’s hacker army
- Text by Chaewon Chung
- Illustration by Nika Kobaidze
Last December, an unidentified hacker stole the personal information of 997 North Korean refugees, shaking the refugee community in South Korea.
According to the Ministry of Unification, the refugees’ names, birthdays, and addresses were stolen from a personal computer at a Hana Center, an institute run by the Ministry where North Korean refugees can receive help after arriving in South Korea, located in North Gyeongsang province.
For North Korean refugees, vulnerabilities in the computer system of the institution that holds so much of their information raised serious concerns, as their information could put their family members back in North Korea in grave danger if it gets in the hands of the North Korean government.
“A lot of us couldn’t live our daily lives after hearing about the news. Anything that is connected to the safety of our family members is a crucial matter to us,” said Heo Kwang-il, a North Korean refugee and chairman of the Committee for the Democratization of North Korea.
Another North Korean refugee, Lee Han-byul, told Coda Story that some refugees were afraid to even turn on the light in their houses.
“Ever since the Hana Center incident, many refugees have become hesitant in trusting and sharing personal information with the public and government institutions,” Lee said.
South Korea is known to have one of the world’s strongest information technology infrastructure and North Korean refugees are extremely vulnerable to attack, the Hana Center failed to understand the seriousness of the cyber threat against it.
The Ministry has confirmed that the Hana Center in Gyeongsang violated an order to use a segregated network when handling the personal information of North Korean refugees, leading to malicious code sent via an email to infect the personal computer of an employee. And though the Center announced that it adapted network segregation after the incident, experts say network segregation is not a catch-all remedy.
“Network segregation cannot be a solution to all cyber attacks. There is a need to give more precautions to people who handle the refugees’ information,” said Kwak Jin, a professor of cybersecurity at Ajou University.
The refugees’ fears are amplified by the speed in which North Korea’s cyber power is growing.
“Often, the focus on North Korea’s nuclear capabilities, as serious as those are, detracts from the focus on their significant cyber capabilities,” said Elise Thomas, a researcher at Australian Strategic Policy Institute’s International Cyber Policy Centre, in Australia.
North Korea’s increasing cyber capabilities means a more controlled and manipulative society at home.
North Korea uses its cyber power offensively outside of the country while using its power defensively domestically by building a digital wall that can “protect” the people of North Korea from accessing information from outside of the country, limiting them to their state-controlled propaganda websites that praise every action of Kim Jung-un, while denouncing South Korea and the United States’ governments.
Keenly aware of North Korea’s cyber ability and the consequences of information exposed from past cases, North Korean refugees who have family members back in North Korea live in constant anxiety.
In 2006, a group of North Korean refugees was found on a boat by a South Korean sentry soldier in Goseong, Gangwon Province in South Korea. Terrified that their family members could be asked to take responsibility and punished for their escape, once the North Korean government learned about their identities, the refugees asked South Korean investigators to not reveal their information to the public.
However, South Korea’s Gangwon Provincial Police Agency gave a report which included details of the refugees’ identities to South Korea’s news media outlets, disclosing the refugees’ personal information to the public. After contacting their sources in North Korea, the refugees learned the devastating news that a total of 22 members of their immediate families had disappeared in North Korea. Their whereabouts are still unknown.
It seemed only natural that the refugee community was “infuriated,” said Heo, the refugee and chairman of the Committee for the Democratization of North Korea, when the news was released that the refugees’ information had, yet again, ended up unprotected.
Cyber threats targeting South Korea’s government and public institutions are getting worse over time. And experts say one of their targets is the Ministry of Unification.
“Recently, issues related to North Korea and its relationship with South Korea and the United States has gained a lot of attention globally. Increased number of attacks on the Ministry of Unification could have been influenced as a result of such attention,” Kwak said.
According to the Ministry of Unification’s 2019 report on Hacking and Cyber-Attack Attempts, the number of cyberattacks on the ministry has significantly increased over the past several years. From 2017 to 2018, the number of attacks almost doubled to 630.
The Hana Center hacker’s identity remains unknown. South Korea’s police are still investigating the case. Many North Korean refugees, including Heo Kwang-il, believe that the cyber attack was conducted by the North Korean government.
“North Korea has one of the strongest cyber armies in the world,” Heo said. “And their hackers not only operate in North Korea, but also in different countries.”
North Korea is alleged to have taken role in multiple high profile cyber attacks in past years.
In 2018, the U.S. Treasury Department accused North Korea’s state-sponsored hacking organization called Lazarus Group of being behind the Wannacry ransomware attack, which impacted hospitals, banks and other companies in 150 countries, with damages ranging from hundreds of millions to billions of dollars.
North Korea denied any roles in the cyber attack, but the Treasury Department sanctioned Lazarus along with two other North Korea’s hacking organizations. The FBI also charged a North Korean computer programmer, Park Jin-hyok, who allegedly worked for Lazarus on WannaCry attack as well as hacking of Sony Pictures in 2014.
With North Korea’s cyber power rising as one of the most dangerous in the world, other countries including the United States are taking actions to strengthen their defense system.
And as the country that gets the hardest hit from North Korea’s cyberthreats, South Korea’s cyber defense system has prevented attacks from North Korean hackers for the most part. However, Heo believes many North Korean refugees living in South Korea feels otherwise.
“Hana Center was not careful enough in handling personal information of the North Korean refugees,” Lee said. “And the Ministry of Unification should not neglect protecting the refugees.”
“There’s an old saying in Korean: Fixing the barn door after getting a cow stolen. Creating and telling us to contact the reception desk after getting our information stolen seemed pointless to many of us,” Heo said. “It is not like we are asking for something like money from the South Korea’s government. We are not asking for anything else, but to see us as the citizens of the country. And take us as people that are in the same position as other South Koreans.”
The story you just read is a small piece of a complex and an ever-changing storyline we are following as part of our coverage. These overarching storylines — whether the disinformation campaigns that are feeding the war on truth or the new technologies strengthening the growing authoritarianism, are the crises that Coda covers relentlessly and with singular focus. We work with dozens of local and international reporters, video journalists, artists and designers to bring you stories you haven’t seen elsewhere, provide you with context missing from the news cycle and illuminate the continuity between the crises we cover. Support Coda now and join the conversation with our team. No amount is too small.