SEOUL (Reuters) - Computer systems at South Korea’s nuclear plant operator have been hacked, the company said on Monday, sharply raising concerns about safeguards around nuclear facilities in a country that remains technically at war with North Korea.
The Korea Hydro and Nuclear Power Co Ltd (KHNP) and the government said only “non-critical” data was stolen by the hackers, and that there was no risk to nuclear installations, including the country’s 23 atomic reactors.
But the hacking was reported as the United States accused North Korea of a devastating cyberattack on Sony Pictures.
Experts voiced alarm that the controls of the nuclear reactors could be at risk.
“This demonstrated that, if anyone is intent with malice to infiltrate the system, it would be impossible to say with confidence that such an effort would be blocked completely,” said Suh Kune-yull of Seoul National University.
“And a compromise of nuclear reactors’ safety pretty clearly means there is a gaping hole in national security,” said Suh, who specialises in nuclear reactor design.
The government is investigating but has not said who might be responsible. In 2013, South Korea accused the North of a series of cyberattacks on banks and broadcasters. Anti-nuclear activists in South Korea have also protested against the use of nuclear power.
South Korea’s energy ministry said it was confident that its nuclear plants could block any infiltration by cyber attackers that could compromise the safety of the reactors.
“It’s our judgement that the control system itself is designed in such a way and there is no risk whatsoever,” Chung Yang-ho, deputy energy minister, told Reuters by phone.
An official at the country’s nuclear plant operator KHNP, which is part of state-run Korea Electric Power Corp, told Reuters that the hacking appeared to be the handiwork of “elements who want to cause social unrest”. He said he had no one specific in mind and did not elaborate.
“It is 100 percent impossible that a hacker can stop nuclear power plants by attacking them because the control monitoring system is totally independent and closed,” the official said.
They also said they could not verify messages posted by a Twitter user claiming responsibility for the attacks and demanding the shutdown of three ageing nuclear reactors by Thursday. The post also asked for money in exchange for the leaked data.
The user who was described in the posting as chairman of an anti-nuclear group based in Hawaii said more documents from the nuclear operator will be posted if the reactors are not closed.
Additional reporting by Sohee Kim; Editing by Raju Gopalakrishnan