TOKYO — North Korean hackers stole a huge trove of classified U.S. and South Korean military documents last year, including a plan to "decapitate" the leadership in Pyongyang in the event of war, a lawmaker in Seoul said Tuesday.
The purported revelations come at a time of heightened tensions over North Korea. President Trump recently said that "only one thing will work" when it comes to Pyongyang, hinting that he thinks diplomatic efforts are proving futile and military action may be necessary.
The defense minister in Japan, a close military ally of the United States, said Tuesday that Trump might take such action against North Korea as soon as next month.
“I think President Trump will judge in the middle of November how effective pressure and other efforts have been,” Itsunori Onodera told reporters in Tokyo. “If there have been no changes from North Korea, it’s possible that the U.S. will take severe measures.”
On Tuesday, Trump was briefed on the options on North Korea by Defense Secretary Jim Mattis and the chairman of the Joint Chiefs of Staff, Gen. Joseph F. Dunford Jr., the White House said.
In Seoul, Lee Cheol-hee, a lawmaker in the ruling Democratic Party and a member of the parliamentary national defense committee, said North Korean hackers broke into the Defense Integrated Data Center in September last year to steal secret files, including American and South Korean “operational plans” for wartime action. The data center is the main headquarters of South Korea’s defense network.
According to Lee, the stolen documents included OPLAN 5015, a plan drafted two years ago for dealing with full-blown war with North Korea and said to include procedures to “decapitate” the North Korean leadership. He said the cache also included OPLAN 3100, outlining the military response to infiltration by North Korean commandos or another local provocation, as well as a contingency plan in case of a sudden change in North Korea.
[Clues point to possible North Korean involvement in massive cyberattack ]
Pentagon spokesman Army Col. Robert Manning said Tuesday he was aware of media reports of the breach but would not say whether sensitive operation documents were exposed.
“We are confident in the security of our operations plans,” Manning said.
While the two Koreas have technically been on a war footing since the Korean War ended in an armistice in 1953, anything that suggests the death or ouster of North Korea’s leader, or his assassination, is tantamount to heresy in the North, where the ruling Kims are treated like gods.
Responding to reports about the plans for decapitation strikes, the North's Korean People's Army said in March that it would "deal deadly blows without prior warning" to "the U.S. and South Korean puppet forces."
"They should think twice about the catastrophic consequences to be entailed by their outrageous military actions," the army's general staff said, according to a state news report.
Lee made his claims about the alleged cyberattack to South Korean reporters, citing documents obtained from the Defense Ministry under a freedom of information request. Lee’s aides told The Washington Post on Tuesday that the lawmaker had collected information from several sources with knowledge of the cyberattacks, and they confirmed that local media had correctly reported Lee’s remarks.
Yonhap News Agency, citing Lee, reported that the hackers took 235 gigabytes of military documents and that almost 80 percent of the stolen documents have not yet been identified.
The documents also included reports on key South Korean and U.S. military personnel, the minutes of meetings about South Korean-U.S. military drills, and data on military installations and power plants in South Korea, reported the Chosun Ilbo, South Korea’s largest newspaper.
“I can’t reveal further details because they are a military secret,” Lee said, according to the paper.
The U.S. and South Korean militaries have a mutual defense pact under which the U.S. military would assume operational control of the alliance if a war breaks out. The two militaries conduct large-scale drills twice a year, rehearsing the responses to various scenarios on the Korean Peninsula.
As Kim Jong Un has accelerated his nuclear weapons program and aimed increasingly bellicose threats at the allies, those plans have been updated to include "beheading operations" — strikes designed to take out North Korea's leaders.
South Korea’s Defense Ministry declined to confirm or comment on the reports of a cyberattack.
[North Korea appears to have a new Internet connection, thanks to the help of Russian firm]
South Korean lawmakers have a spotty record when it comes to revealing information about what is happening inside North Korea, with many claims later turning out to be wrong. But in this case, the claims relate to something that has happened inside South Korea, and there have been hints about such a cyberattack in recent months.
In May, the Defense Ministry disclosed that the South Korean military’s intranet had been hacked by people “presumed to be North Koreans.” But the military said that only 53 gigabytes of information were stolen, and it did not reveal what was included.
The previous month, reports emerged that North Korean hackers had broken into the Defense Ministry network and infected more than 3,000 computers, including the defense minister’s, with malware.
At the time, South Korean newspapers, quoting unnamed government officials, reported that parts of one operational plan, OPLAN 5027, which outlines troop deployment plans and key North Korean targets, were stolen.
Current and former U.S. officials have said the United States also must be more proactive in launching and openly discussing cyberoffensives and retaliations. In May, retired Navy Adm. James Stavridis, the former commander of NATO forces, told lawmakers “we should advertise them accordingly” to demonstrate ability and resolve.
North Korea was potentially behind phony evacuation messages sent via cellphones and social media to military families and defense personnel in South Korea last month. That incident opens the possibility that last year's breach may have led to the harvest of personal information used for the notifications.
This is hardly the first time that Kim’s regime has been accused of cyberattacks. The country’s spy agency, the Reconnaissance General Bureau, is thought to have assembled a large cyber army, assumed to be based in China, to launch such hacks.
North Korea was allegedly behind many attacks on South Korea’s financial networks and government systems and was blamed for the hacking of Sony Pictures Entertainment in 2014, apparently as retaliation for the movie “The Interview,” which culminates with Kim’s death in an explosion.
Most recently, North Korea was accused of being behind a cyberattack last year on Bangladesh's central bank that netted $81 million and of masterminding the WannaCry ransomware that rocketed around the world earlier this year.
Pyongyang has repeatedly denied responsibility for or knowledge of the attacks.
The latest alleged cyberattack comes as the United States struggles to harden cyber defenses against adversaries such as Russia, China and North Korea, who have outpaced U.S. efforts to fold cyber weapons into conventional military operations.
The Army said in a manual released Monday that it will seek to put greater emphasis on cyber options in what it calls hybrid war — a blurring of cyber and space operations with traditional military actions like mobilizing ground troops and massing tank units.
Yoonjung Seo in Seoul and Alex Horton in Washington contributed to this report.
Trump signed presidential directive ordering actions to pressure North Korea
Companies struggle to recover after massive cyberattack with ransom demands
Not so isolated: North Korea’s elite uses Gmail, Facebook and iTunes
Today's coverage from Post correspondents around the world
Like Washington Post World on Facebook and stay updated on foreign news