About the Author
Chaewon Chung
Chaewon Chung is a multimedia journalist. Born in South Korea, Chaewon moved to the States in 2004 with her family.
This article was published in collaboration with Coda Story.
Last December, an unidentified hacker stole the personal information of 997 North Korean refugees, shaking the refugee community in South Korea.
According to the Ministry of Unification, the refugees’ names, birthdays, and addresses were stolen from a personal computer at a Hana Center, an institute in North Gyeongsang province that the Ministry runs where North Korean refugees can receive help after arriving in South Korea.
For North Korean refugees, vulnerabilities in the computer system of the institution that holds so much of their information raised serious concerns, as their information could put family members back in North Korea in grave danger if it gets into the hands of the North Korean government.
“A lot of us couldn’t live our daily lives after hearing about the news. Anything that is connected to the safety of our family members is a crucial matter to us,” said Heo Kwang-il, a North Korean refugee and chairman of the Committee for the Democratization of North Korea (CDNK).
Another North Korean refugee, Lee Han-byul, told Coda Story that some refugees were afraid to even turn on the light in their houses.
“Ever since the Hana Center incident, many refugees have become hesitant in trusting and sharing personal information with the public and government institutions,” Lee said.
“Hana Center was not careful enough in handling personal information of the North Korean refugees”
South Korea is known to have one of the strongest information technology infrastructures in the world. However, North Korean refugees are extremely vulnerable to attack, and the Hana Center failed to understand the seriousness of the cyber threat against it.
The Ministry has confirmed that the Hana Center in Gyeongsang violated an order to use a segregated network when handling the personal information of North Korean refugees, leading to malicious code sent via an email to infect the personal computer of an employee.
But although the Center announced that it adopted network segregation after the incident, experts say network segregation is not a catch-all remedy.
“Network segregation cannot be a solution to all cyber attacks. There is a need to give more precautions to people who handle the refugees’ information,” said Kwak Jin, a professor of cybersecurity at Ajou University.
The refugees’ fears are amplified by the speed at which North Korea’s cyber power is growing.
“Often, the focus on North Korea’s nuclear capabilities, as serious as those are, detracts from the focus on their significant cyber capabilities,” said Elise Thomas, a researcher at the Australian Strategic Policy Institute’s International Cyber Policy Centre.
North Korea’s increasing cyber capabilities mean a more controlled and manipulative society at home.
While North Korea uses its cyberpower offensively outside of the country, it uses it defensively domestically by building a digital wall that can “protect” the people of North Korea from accessing outside information. It limits them to state-controlled propaganda websites that praise every action of Kim Jong Un and denounce the South Korean and the U.S. governments.
Keenly aware of North Korea’s cyber ability and the consequences of information exposed from past cases, North Korean refugees who have family members back in North Korea live in a state of constant anxiety.
In 2006, a group of North Korean refugees was found on a boat by a South Korean sentry soldier in Goseong, Gangwon Province in South Korea.
Terrified that their family members could be asked to take responsibility and punished for their escape, once the North Korean government learned about their identities, the refugees asked South Korean investigators not to reveal their information to the public.
However, Gangwon Provincial Police Agency gave a report that included details of the refugees’ identities to South Korea’s news media outlets, disclosing their personal information to the public.
After contacting their sources in North Korea, the refugees learned the devastating news that a total of 22 members of their immediate families had disappeared. Their whereabouts are still unknown.
“Anything that is connected to the safety of our family members is a crucial matter to us”
It seemed only natural that the refugee community was “infuriated,” said Heo, the CDNK chairman, when the news was released that the refugees’ information had, yet again, ended up unprotected.
Cyber threats targeting South Korea’s government and public institutions have been getting worse over time. And experts say one of their targets is the Ministry of Unification.
“Recently, issues related to North Korea and its relationship with South Korea and the United States has gained a lot of attention globally. Increased number of attacks on the Ministry of Unification could have been influenced as a result of such attention,” Kwak said.
According to the Ministry of Unification’s 2019 report on Hacking and Cyber-Attack Attempts, the number of cyber attacks on the ministry has significantly increased over the past several years, almost doubling to 630 from 2017 to 2018.
The Hana Center hacker’s identity remains unknown, and South Korea’s police are still investigating the case. Many North Korean refugees, including Heo, believe that the cyber attack was conducted by the North Korean government.
“North Korea has one of the strongest cyber armies in the world,” Heo said. “And their hackers not only operate in North Korea, but also in different countries.”
North Korea is alleged to have taken a role in multiple high profile cyber attacks in past years.
In 2018, the U.S. Treasury Department accused North Korea’s state-sponsored hacking organization, the Lazarus Group, of being behind the Wannacry ransomware attack that impacted hospitals, banks, and other companies in 150 countries, with damages ranging from hundreds of millions to billions of dollars.
North Korea denied any role in the cyber attack, but the Treasury Department sanctioned Lazarus along with two other North Korean hacking organizations. The FBI also charged a North Korean computer programmer, Park Jin Hyok, who allegedly worked for Lazarus on the WannaCry attack as well as the Sony Pictures hack in 2014.
As North Korea’s cyber capabilities are some of the most dangerous in the world, other countries including the United States are taking actions to strengthen their defense systems.
South Korea, the country that gets hit the hardest from the North Korean cyber threat, has prevented attacks from hackers for the most part with its cyber defense system.
However, Heo and Lee believe many North Korean refugees living in South Korea feel not enough is being done.
“Hana Center was not careful enough in handling personal information of the North Korean refugees,” Lee said. “And the Ministry of Unification should not neglect protecting the refugees.”
Heo said, “There’s an old saying in Korean: fixing the barn door after getting a cow stolen. Creating and telling us to contact the reception desk after getting our information stolen seemed pointless to many of us.”
“It is not like we are asking for something like money from the South Korea’s government. We are not asking for anything else, but to see us as the citizens of the country. And take us as people that are in the same position as other South Koreans.”
Special thanks to Coda Story for for assisting in the production of this story.
Edited by James Fretwell and Oliver Hotham
Featured image: Nika Kobaidze
This article was published in collaboration with Coda Story.
Last December, an unidentified hacker stole the personal information of 997 North Korean refugees, shaking the refugee community in South Korea.
Chaewon Chung is a multimedia journalist. Born in South Korea, Chaewon moved to the States in 2004 with her family.
Specialist news and analysis,
research tools, and unique data sets
Internet Explorer is not compatible with this website. We instead recommend using Chrome, Edge, Firefox or Safari.
Microsoft ceased supporting IE 10 and older in 2016.
In addition, Microsoft cyber-security chief Chris Jackson has been urging users to stop using the browser since February 2019.
Join the influential community of members who rely on NK News original news and in-depth reporting
Learn MoreEnter your details below
Don't have an account? SIGN UP
Join the influential community of members who rely on NK News original news and in-depth reporting
Learn MoreAlready have an account? SIGN IN
Join the influential community of members who rely on NK News original news and in-depth reporting
Learn MorePlease enter your username or email address. You will receive a link to create a new password via email.
Don't have an account? SIGN UP