A North Korean soldier takes photos through the window while U.S. Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, is briefed at the Demilitarized Zone in South Korea, Nov. 11, 2012. (D. Myles Cullen/U.S. Army)
CAMP HUMPHREYS, South Korea — A special operations officer in the South Korean army allegedly traded military secrets to a North Korean hacker in exchange for nearly $70,000 in cryptocurrency, according to a South Korean military affidavit.
The army captain, identified in the redacted affidavit only as Kim, his surname, was arrested April 6 and charged with violating the National Security Act, military prosecutors state in the document.
The allegations against Kim are “absolutely shameful,” said a former South Korean special forces officer and former commander of a joint support group.
“In my 19 year-career in the military, this is the first time I’ve heard this kind of news,” Lee Kwan Woo, a former commander in the Eighth Army’s U.S.-South Korea joint support group, told Stars and Stripes by phone Wednesday. “Special forces officers and noncommissioned officers are trained on security — all of those members are trained very seriously to keep security.”
Kim attended South Korea’s school of infantry in 2015, according to military records cited in the affidavit. He then served as a platoon leader for a reconnaissance company in 2016 and five years later became a company commander in the 13th Special Mission Brigade, according to Lee a special operations group specifically trained to capture or kill leaders in North Korea.
In March 2020, an unidentified former classmate approached Kim with an offer of money in exchange for military information for a third party, according to the affidavit. Kim declined the offer, saying such an act is illegal, the affidavit states.
Around six months later, Kim, now in financial straits due to online gambling, accepted his classmates’ offer, the affidavit said. The classmate introduced Kim to Boris, a man who claimed to be an ethnic Korean living in China.
Boris, later identified as an agent for a North Korean hacking group, posed as an information broker working for an illegal sports-betting website, according to the affidavit. Boris claimed that information given to him would be passed on to Russian entities.
Prosecutors alleged Kim began providing Boris information about South Korea’s military in November. At Boris’ request, Kim used his cellphone to photograph the secured military network’s login screen and sent the images through Telegram, an encrypted messaging service.
In January, Kim allegedly collected additional photos, including the start-up screens for computers, for Boris. The North Korean agent was preparing a “USB-type” module containing a malicious program to hack into the military network, according to the affidavit.
Kim went on to send pictures of “wartime and peacetime operational” plans to Boris, which would “incur obvious danger to national security and interests,” the affidavit said.
Kim is believed by prosecutors to have received 0.89761 Bitcoin — equivalent to roughly $28,300 as of Wednesday — in exchange for his services between November and March.
One Bitcoin reached an all-time high of roughly $68,000 in November. Its value plummeted since then and is currently trading at around $31,000, depending on cryptocurrency exchanges.
U.S. officials in recent weeks have warned of a rise in North Korea’s illicit activities involving cryptocurrency thefts and computer network attacks.
“These capabilities also support military operations and national security goals to collect information, garner illicit revenue, and spread propaganda,” Navy Adm. John Aquilino, commander of U.S. Indo-Pacific Command, wrote in a statement submitted to Congress on May 17. “Cyber-enabled financial theft, extortion campaigns, and cryptojacking—compromising computing resources to mine digital currency — fund much of Pyongyang’s weapons development programs.”
