Lost in the kerfuffle over North Korea’s hacking of Sony is this little irony: South Korea, the Hermit Kingdom’s main rival and a stalwart ally of the United States, has also been cyberspying on America.
South Korea has an active online espionage program that is primarily aimed at the North but also has been “targeting us,” according to a newly disclosed internal National Security Agency document.
The United States couldn’t be surprised to find that Seoul had eyes on its key ally and defender in the region. South Korea has a long history of spying on the United States, primarily to steal military and commercial technology.
The NSA document, which was included in the trove of classified files leaked by ex-NSA contractor Edward Snowden and published last week by Der Spiegel, includes a first-person account from an unnamed NSA employee who says the agency was aware of South Korea’s hacking operations but not “super interested” in them until they were ramped up “a bit more” against the United States. The document is undated but makes reference to an NSA manual published in 2007. It gives no indication why South Korea stepped up its cyberspying on the United States.
At the time the NSA noticed the increased hacking activity, the agency’s access to North Korean computer networks was “next to nothing,” the employee states. But the South had been hacking into the North’s systems. Proving that turnabout is indeed fair play, the NSA decided to piggyback on the South Korean hackers and use their already planted bugs to siphon data off North Korea’s computers.
The document doesn’t specify whether South Korea’s hackers were targeting the U.S. government or corporations, and it treats the spying as an aside in the story of how the NSA went on to launch its own hacking offensive against North Korea. As The Daily Beast previously reported, those efforts have been going on for years and were crucial to helping the U.S. government definitively pin the blame for the Sony hack on North Korea. The New York Times reported this week that the NSA began hacking into the North’s networks in 2010.
In 1996, Robert Kim, a U.S. naval intelligence officer, was arrested after handing classified documents over to South Korea. From 2007 to 2012, the Justice Department brought charges in at least five major cases involving South Korean corporate espionage against American companies. Among the accused was a leading South Korean manufacturer that engaged in what prosecutors described as a “multi-year campaign” to steal the secret to DuPont’s Kevlar, which is used to make bulletproof vests.
All of the cases involved corporate employees, not government officials, but the technologies that were stolen had obvious military applications. South Korean corporate spies have targeted thermal imaging devices and prisms used for guidance systems on drones. One spy confessed to stealing components for a massive, Gatling gun-style cannon that fires 20mm rounds, known as the M61 Vulcan.
But South Korea has gone after commercial tech, as well. A 2005 report published by Cambridge University Press identified South Korea as one of five countries, along with China and Russia, that had devoted “the most resources to stealing Silicon Valley technology.”
And South Korea hasn’t limited its economic spying to the United States. In 2013, Australia’s Federal Court alleged that South Korea’s intelligence service had sought to “cultivate Australian officials and public servants” in order to obtain sensitive information about trade negotiations between the two countries.
Spokespeople for the NSA and the South Korean Embassy in Washington didn’t respond to requests for comment.
One former intelligence official, who said he had no knowledge of any South Korean hacking campaign, did not appear surprised by the revelation.
“There’s a saying in intelligence that ‘Countries don’t have friends, they have interests,’” the former official said. And of course, he added, the United States spies on its allies, as well. About the only countries that are expressly off limits to American intelligence operations are members of the so-called Five Eyes, which include Canada, the United Kingdom, Australia, and New Zealand.
One reason American officials might not have raised a stink is the common adversary Washington and Seoul have in North Korea—and also in Beijing.
Chinese hackers have been brazenly stealing secrets from U.S. corporations for years, and they’ve also targeted South Korean firms. American officials got so nervous when Huawei, China’s biggest telecommunications company and an alleged shill for the country’s intelligence services, launched plans to develop South Korea’s wireless networks that they reportedly persuaded Seoul to route any sensitive U.S. or South Korean communications over separate networks not built by Huawei.
The NSA got some access to North Korea networks by drafting off the South Korean hackers. But it ultimately decided not to rely entirely on their handiwork and stepped up its own hacking operations against Pyongyang.
“You don’t want to rely on an untrusted actor to do your work for you,” the NSA employee said, voicing a level of mistrust for South Korea that American officials would find hard, if not impossible, to express publicly.