Pentagon spokesman Army Lieutenant Colonel James Gregory said the US Department of Defense looks forward to reviewing the study.
“The Defense Department takes the threat of cyberespionage and cybersecurity very seriously, which is why we have taken steps to increase funding to strengthen capabilities and harden networks to mitigate against the risk of cyberespionage,” he said.
The South Korean Ministry of Defense says its secrets are safe. Ministry spokesman Kim Min-seok said officials were unaware of McAfee’s study, but added that it is technically impossible to have lost classified reports because computers with military intelligence are not connected to the Internet. When accessing the Web, military officials use different computers disconnected from the internal military server, he said.
A hack of sensitive South Korean military computers from the Internet “cannot be done,” Kim said. “It’s physically separated.”
However, Sherstobitoff said it can be done, though he is not sure that it has been.
“While it is not entirely impossible to extract information from a closed network that is disconnected from the Internet, it would require some extensive planning and understanding of the internal layout to stage such an exfiltration to the external world,” he said.
Kwon Seok-chul, chief executive officer of Seoul-based cybersecurity firm Cuvepia Inc, said recent hacking incidents suggest hackers may have enough skills to infiltrate the internal servers of South Korean and US military. Even if two networks are separated, hackers will do anything to find some point where they converge, he said. “It takes time, but if you find the connection, you can still get into the internal server.”
FBI Assistant Director Richard McFeely would not comment on McAfee’s findings, but said in a written statement that “such reports often give the FBI a better understanding of the evolving cyberthreat.”
Neither the McAfee nor the IssueMakersLab reports say who is responsible for the cyberattacks, but many security experts believe North Korea is the likely culprit.
South Korean authorities have blamed the North for many cyberattacks on its government and military Web sites. They linked the March 20 attacks to at least six computers in North Korea that were used to distribute malicious code.
Several calling cards were left behind after the March attack, taunting victims. Two different and previously unknown groups separately took credit: The “Whois Hacking Team” posted pictures of skulls and a warning, while the “NewRomanic Cyber Army Team” said it had leaked private information from banks and media organizations.
“Hi, Dear Friends, We now have a great deal of personal information in our hands,” one such note said.
However, McAfee said that claim, and others — including tweets and online rumors claiming credit for prior attacks — were meant to mislead the public and investigators, covering up the deeper spying program.
James Lewis, a senior fellow at the Center for Strategic and International Studies, said the attack is far more skillful and took place over a much longer period than was previously thought.
“I used to joke that it’s hard for the North Koreans to have a cyberarmy because they don’t have electricity, but it looks as if the regime has been investing heavily in this,” Lewis said. “Clearly this was part of a larger effort to acquire strategic military information and to influence South Korean politics.”
North Korean leader Kim Jong-un has made computer use and the importance of developing the information technology sector hallmarks of his reign, devoting significant state resources toward science and technology. Though much of the country lacks steady electricity, a massive hydroelectric power station keeps the capital and state computer centers humming.