North Korea defector hack: Personal data of almost 1,000 leaked

Almost 1,000 North Korean defectors have had their personal data leaked after a computer at a South Korean resettlement centre was hacked, the unification ministry said.

A personal computer at the state-run centre was found to have been “infected with a malicious code”.

The ministry said this is thought to be the first large-scale information leak involving North Korean defectors.

The hackers’ identity and the origin of the cyber-attack is not yet confirmed.

The North Gyeongsang resettlement centre is among 25 institutes the ministry runs to help an estimated 32,000 defectors adjust to life in South Korea.

Are defectors’ families in danger?

The North Korean government does not know the identities of all citizens who have defected. Some may be considered “missing persons” or they may have even been registered as dead.

Some 997 North Korean defectors have now been informed that their names, birth dates and addresses have been leaked but it is not clear what impact this will have.

Analysts say there are some concerns that the leak could endanger the defectors’ family members who remain in North Korea.

Sokeel Park, South Korea Country Director for Liberty in North Korea, an international NGO that assists North Korean defectors, says this hack will make other defectors feel less safe living in South Korea. They may change their names, phone numbers and home addresses.

Investigations by the unification ministry and the police are currently ongoing, with the ministry saying it would “do its best to prevent such an incident from happening again”.

On 19 December, the ministry became aware of the leak after they found a malicious program installed on a desktop at a centre in North Gyeongsang province.

The ministry said that no computers at other Hana (resettlement) centres across the country had been hacked.

One expert on North Korean cyber-warfare, Simon Choi, believes that this might not be the first time a Hana centre has been hacked.

“[There is a North Korean hacking] group [that] mainly targets [the] North Korean defector community… we are aware that [this group] tried to hack a Hana centre last year,” he told the BBC.

However, he added that it was not yet clear if any North Korean groups were responsible for the latest attack.

Has North Korea been behind previous attacks?

Cyber-security experts have been warning of the increasing sophistication of hackers from the North for some time.

In September, US prosecutors charged a North Korean man alleged to have been involved in creating the malicious software used to cripple the UK’s National Health Service.

The 2017 incident left NHS staff reverting to pen and paper after being locked out of computer systems.

One of the most high profile hacks linked to North Korea in recent years targeted Sony’s entertainment business in 2014 – wiping out massive amounts of data and leading to the online distribution of emails, and sensitive personal data.

North Korean state media has also often threatened to silence defectors in the South who make derogatory statements about the regime.

Sokeel Park told the BBC that cyber-attacks and phishing attempts on people working on North Korea are a common occurrence.

“They represent an asymmetric advantage for the North Korean authorities because attribution for cyber-attacks is so difficult and because the North Korean government intentionally relies so little on the internet”, he added.

However, the government in the South has not pointed the finger at North Korea this time.