Software engineer could have spied for North

South Korean authorities are investigating whether a software engineer with links to North Korea stole government data and passed it to the country, according to several reports from Seoul.

The reports say the man allegedly stole information between 2005 and 2010 while working for a computer company tasked with developing software and systems for the South Korean government, reported The Associated Press from Seoul.

The man, who has not been identified, was convicted in 2002 of posting pro-North Korean information on websites, said the AP.

Despite that conviction, he was allowed to join a project working on the Korean Joint Command and Control System (KJCCS).

The Chosun Ilbo has a report on KJCCS from when it launched in 2008. The system is intended to bring together battlefield intelligence on the state and location of North Korean armed forces and present it in a way that allows senior South Korean military officials to quickly make decisions.

The engineer was suspended from the project and his job in March this year after failing to submit a security pledge, said The Korea Herald.

Despite his previous violation of the security law, he was allowed to visit the JCS computer center 11 times in 2007 and four times in 2008.

For unspecified purposes, he visited North Korea twice in January 2007 and February 2008. Prosecutors are not ruling out the possibility that the man handed over some of the data to the North, which has launched a series of cyber attacks on South Korea in recent years. – The Korea Herald, May 2, 2011

The report also says:

The man contacted officials of “Ryomyong,” an Internet site run by a North Korean agency handling espionage operations against the South, by email in April 2008. However, the investigators have yet to verify whether he handed over any stolen data to the North, according to the sources.

After he joined the DLP in May 2002, he posted a controversial message on the party’s bulletin board in August 2003, reading, “If I am to have a chance, I will work as a spy (possibly for the North).”

The man is not currently under arrest, said The Korea Herald.

Some of the data potentially lost includes the IP addresses of computers used by the South Korean military, said The Korea Herald.

I don’t have any in-depth knowledge on the infrastructure of KJCCS, but if it’s designed to handle highly-sensitive information then it would be unusual to have it connected to the Internet. Many military and critical computer systems are kept off the Internet so they cannot be targeted and attacked.

An affiliate of 38 North
Website Security Test