Top brass of the U.S. Forces Korea is seriously worried that a joint South Korea-U.S. defense plan has been hacked, apparently by North Koreans. But South Korea claims no great damage has been done. At a session of the National Assembly's Intelligence Committee on Monday, the National Intelligence Service said the hacked material would not cause much damage to security.
A military source on Tuesday said USFK top brass, including Commander Gen. Walter Sharp, "recently expressed concern to our military about OPLAN 5027 being apparently accessed by a North Korean hacker." The U.S. military is apparently particularly concerned that the plan leaked out when a South Korean military officer used an unsecured USB memory stick on a computer.
The hacking took place in mid-November when a field-grade officer with the Korea-U.S. Combined Forces Command switched to the Internet on a dual-use PC with both Internet and Intranet services in his office and left a USB memory stick still inserted after finishing work on the Intranet.
| Almost as if he had planned it that way ... |
"The U.S. military has banned the use of USB sticks altogether in principle because secrets were leaked through USB memory sticks once in a while," a Defense Ministry official said. "We are going to prevent leakage of secrets through USB sticks by introducing a new verification system next year where Internet USB and Intranet USB are not compatible."
The U.S. military also operates separate Internet PCs and Intranet PCs, and officers can use only designated Intranet PCs when handling confidential documents.
The South Korean military operates some separate PCs for Internet and Intranet use but still maintains about 5,000 dual-use PCs due to lack of money. The ministry official said a budget of about W5 billion (US$1=W1,180) will allow it to get rid of all dual-use PCs and buy individual PCs by next year.
The U.S. military allows officers to use their own PCs only after they insert ID cards into the PC, making it difficult for unauthorized people to access individual PCs. But South Korean military officers can work on any officer's PC if they type in their own ID and password.
Regarding the hacker attack, the ministry says the incident was not serious because the full original text of OPLAN 5027 was not leaked but only an 11-page PowerPoint file created for educational materials for military leaders or newly assigned officers.
Nonetheless, the ministry will have to change the defense plan's framework if the file contains the basic context of certain operation plans.