26.02.2021 Author: Konstantin Asmolov

Has South Korea been Passing Military Technology to Islamic Terrorists?


Some time ago, the author had a discussion with a famous political scientist from the ROK who was keen on proving the following hypothesis. The DPRK government was capable of passing on military secrets, even those required to make a nuclear bomb, to international terrorist networks, and even if the leadership chose not to do so, starving scientists could then supply such information. There is no direct evidence to support this theory but some individuals have reasons to believe that this has been happening, which is why tougher sanctions need to be imposed against North Korea whenever an opportunity to do so arises.

However, if one were to use the same logic in relation to the ROK, it would turn out that South Korea has long been passing on military secrets to Islamic terrorists and other groups, under the guise of information leaks, which happened regularly enough in 2020 alone.

The most widely publicized incident concerns “massive leaks of secret weapons technology” over a number of years from the Agency for Defense Development (ADD), which was established in the ROK in 1970.

Its researchers are suspected of habitually stealing hundreds of thousands of such secrets when they resigned or retired. According to an article published by The Chosun Ilbo on April 27, the Defense Security Support Command began “an investigation of some 60 former senior ADD researchers in cooperation with the National Intelligence Service and police over the theft of secrets.”

These agencies focused on about 20 former ADD researchers who had left their posts in the last two or three years. For instance, one of them resigned from the ADD in September 2020 and then landed a job as a senior fellow at a private university in Seoul. This individual is suspected of stealing a whopping 680,000 pieces of secret information to do with drone and other weapons systems as well as artificial intelligence technologies. Another former employee joined a research center affiliated with Khalifa University in the United Arab Emirates. He took key technology for South Korea’s Low-Cost Guided Imaging Rocket with him when he left the ADD.

A senior researcher at the Korea Defense and Security Forum has said the following on the issue:

“It has been usual for researchers in the field of arms development to personally carry such data for their references and it has also been common for those who once worked at state-run research agencies to later join other research institutions at universities or private companies in the defense industry.”

In fact, senior researchers at state-run arms development agencies are banned from working at local defense firms after retirement ― a rule for ranking public officials designed to prevent corruption. However, such regulations could lead to retired senior researchers giving technology to foreign companies or research centers.

In summer 2020, the Defense Acquisition Program Administration (DAPA) conducted an audit of ADD, its subsidiary. DAPA examined all the logs of portable storage devices used by 1,079 retired and incumbent employees between January 2016 and April 2020. The audit found that the ADD had been operating without proper security systems. In addition, DAPA’s investigation confirmed that several former researchers had used portable storage devices to open or transfer data files.

The ADD was supposed to conduct security checks on its soon-to-retire employees, but it had not done so for the past three years.

The DAPA audit also revealed that ADD’s data had been poorly managed using old security software that should have been updated several years ago. Furthermore, it showed that “about 62% of the 6,882 research computers at the ADD” had been operated without a security program called Data Loss Prevention, designed to protect from information theft by limiting the use of unauthorized storage devices. In fact, about 35% of the computers were not even registered as ADD information assets, and there were 3,635 unauthorized storage devices used despite such portable devices only being allowed in exceptional cases according to the ADD regulations.

In addition, there were no security check points at the gates of the ADD, nor security guards checking visitors. Anyone with a registered pass could come in and out without having their photo ID checked at the gates and “vehicle security screenings were not conducted.

After the audit, DAPA vowed to upgrade its security system and strengthen screening at its entry points, as well as to intensify supervision of prospective retirees and researchers engaged in key defense technology work. A new regulation that would require former ADD researchers to apply for permission when seeking jobs overseas was also under consideration.

However, according to officials, it was still unclear exactly how much data and what kind of technologies had been leaked.

Authorities were yet to detect any use of leaked data abroad, but further investigation was required. But in case of violations, the agency had the option of filing a civil lawsuit.

According to cybersecurity experts, the recent scandal involving ADD is not an exception to the rule but rather the norm in society at the managerial and organizational levels, as well as those related to technology use in South Korea. And none of the feel-good statements about South Korea’s leading positions in various digital competitiveness rankings could change the fact that the country has serious cybersecurity issues.

The punishment for violating security protocols was also not tough enough. Only in December 2020, after the aforementioned scandal, DAPA proposed a law revision to make leaking defense technologies overseas a crime publishable with at least one year in prison and a fine of up to 2 billion won (US$1.8 million) simultaneously.

Yet another widely publicized scandal concerns a project on a next-generation destroyer, referred to as the Korea Destroyer Next Generation (KDDX) and equipped with Aegis combat systems. In mid-July 2020, two companies, Hyundai Heavy Industries Co. and Daewoo Shipbuilding & Marine Engineering Co., submitted their bids for the 21 billion won (US$17.6 million) project. And in October, South Korea’s arms procurement agency, DAPA, informed the two shipbuilders of its evaluation of their proposals. Hyundai Heavy Industries Co. beat Daewoo Shipbuilding & Marine Engineering Co. by a margin of 0.056 point. The latter lodged an appeal against DAPA. In addition, local media outlets reported that a Hyundai Heavy Industries Co. official had allegedly stolen “a conceptual design for the KDDX drawn by Daewoo Shipbuilding in 2014” and then had used “it to draw the basic design for the destroyer”.

It turned out that three Navy officers were under investigation for allowing Hyundai Heavy Industries Co. officials to secretly film documents related to the envisioned next-generation destroyer project in 2014 to give the shipbuilder an advantage in winning the contract.

The military authorities also looked into the involvement of around a dozen Hyundai Heavy officials in the case. As a result, Daewoo Shipbuilding & Marine Engineering Co. filed for a court injunction against the project. However, the Seoul Central District Court dismissed Daewoo’s application, saying it was unclear if Hyundai had actually used the allegedly illegally acquired information. Following the ruling, DAPA decided to continue the project and to officially announce a preferred bidder later on.

On November 17, 2020, “a former Navy officer was sentenced to a year and a half in prison” for leaking confidential information related to the next-generation destroyer project. In addition, the court acquitted an incumbent officer of similar charges, citing a lack of evidence.

The same day, another Navy officer was sentenced to 18 months in prison for leaking confidential information related to a submarine project.

If industrial espionage is so wide-spread in South Korea, it is reasonable to ask whether other forms of spying are also prevalent. After all, if military personnel are willing to share secret information with officials, they could easily do so with individuals connected to international terrorist networks.

There is some evidence in support of the aforementioned theory. Equipment presumed to be a K7 submachine gun operated by the Korean military appeared at an arms fair in Iran. South Korean officials were unable to immediately explain how such a weapon ended up in Iran, which has been subject to US sanctions.

At this point, it is also worth discussing hacking attempts targeting the military. According to South Korea’s Ministry of National Defense, there were a total of 9,533 hacking attempts against the country’s defense information system in 2019. Their number almost doubled in comparison to 2018, when around 5,000 attempts were detected. Fortunately, none of them resulted in an actual leak of documents. The ministry’s cybersecurity experts reported that the majority of IP addresses used for the recent hacking attempts had been traced to China and the United States. However, it was hard to say where these attacks were coming from, as intruders often used proxy IP addresses to avoid exposing their identity. Following the surge in the number of hacking attempts, the ministry established a multilayered protection system to guard against leaks of sensitive defense information.

It was also reported that most of these attempts had focused on internet networks, and not the military’s intranet. However, in 2016, the military’s intranet did suffer hacking attacks, leading to the leakage of some defense information. At the time, South Korea blamed the DPRK for the incident, but there was no official response from Pyongyang. In order to better cope with growing cybersecurity threats, South Korea’s Ministry of National Defense earmarked around 250 billion won (US$213.6 million) in 2018 for a five-year comprehensive plan to develop technology and train manpower for cyberwarfare.

And although issues of cybersecurity are being resolved as they arise, a politically biased individual could conclude that the discussions about hacking attempts actually serve to distract one from far more sinister leaks, and that any reports to the contrary are simply propaganda.

Clearly, the author is open to discussing various viewpoints in response to the question posed in the title of this article. Still, leaking secret information to terrorists remains a possibility on account of all the recent issues South Korea has had. In fact, some in the ROK accuse the DPRK of such illicit activities with the same amount of existing evidence as that against South Korea.

Konstantin Asmolov, PhD in History, leading research fellow at the Center for Korean Studies of the Institute of the Far East at the Russian Academy of Sciences, exclusively for the online magazine “New Eastern Outlook”.


Please select digest to download: