Roy Kim, co-author of 'The Dandong Project,' is interviewed by The Korea Daily. © The Korea Daily

From Tracing Numbers to Unveiling 'Structural Facts'

ㅡIt's been a while since you've met readers with a new book. Professor Kim Mi-young, with whom you've researched extensively, is unfortunately undergoing surgery, so you've come alone for this interview. Could you please introduce yourself first?

CEO Kim Mi-youngHello. I am Kim Sang-hoon, working under the pen name Roy Kim. Today's session should rightfully be with Professor Kim Mi-young, but due to her sudden surgery, I am here to share our story. Since the April 15, 2020 general election, I have written books such as 'Hacker's Fingerprint' and 'Hacker's Fingerprint Discovery' to investigate the distortion of election data, and have produced related documentaries and white papers. The 'Dandong Project,' published this time, is the result of tracing back the infrastructure and perpetrators of how the traces of computational manipulation we've investigated could have originated and been executed.

ㅡYour white papers and reports have caused significant waves among domestic and international security experts.

“I am grateful that many people have gained a deep understanding of the vulnerabilities in South Korean elections through my white papers. A prime example is former US Ambassador for International Criminal Justice, Moss Tan. Initially, I understand he was skeptical about the issue of election fraud in Korea. I heard he was very difficult to persuade. However, I was told that while many people both domestically and internationally were trying to persuade him, he read the white paper on election fraud that I wrote and finally came to understand and agree with the problem of election fraud in Korea.

Although I have never met him directly, I understand he began his active engagement at the American Conservative Union Foundation (CPAC) last year. When he visited Korea, he briefly mentioned hybrid warfare and the 'One Program Center' in Dandong at a press conference. It appears he had read the content of the report I had written before writing this book.

The mention in his press conference about the 'One Program Center' in Dandong, which I wrote about before compiling this book, also seems to be based on my report.

ㅡThe 'follow the party' algorithm you proposed in your previous work, 'Hacker's Fingerprint,' continues to garner attention. Could you explain the concept in simple terms?

“The April 15, 2020 general election was filled with statistically improbable and unusual phenomena. The Democratic Party nominated candidates in all 253 constituencies nationwide and, with the exception of one district (Gyeongju), secured over 15% of the vote in all areas, thus recovering their full election expenses. Despite such remarkable achievements, the Democratic Party has not engaged in such comprehensive nominations in subsequent elections. This is a point that is difficult to understand from a common-sense perspective.

‘Follow the party’ is a mathematical pattern derived from the process of standardizing and normalizing the early voting and election day voting data across all constituencies and then comparing them. It's a complex mathematical process with five stages, making it difficult for the public to grasp intuitively. However, its core was to reveal 'artificial figures of computational manipulation' that cannot arise from human voting behavior.

The Sino-Korean Friendship Bridge (left) and the Broken Sino-Korean Railway Bridge, viewed from Dandong, a border city between China and North Korea. On the other side of the bridge is Sinuiju, North Korea. Jan 2022 [Yonhap News]ㅡWhat was the reason for introducing 'standardization' in the data analysis process?

“Many people simply looked at the difference between early voting turnout and election day turnout and argued, 'The Democratic Party got over 10% more in early voting, so it was manipulated.' I believed this was the wrong approach. Since the voting dates and the number of voters are different, a flat comparison of the numbers themselves is not scientific.

To give a simple example, depositing 200,000 won in Bank A and receiving 2,000 won in monthly interest, and depositing 1,000,000 won in Bank B and receiving 20,000 won in monthly interest – directly comparing the interest amounts is meaningless. We need to divide by the principal to establish a standard called 'interest rate' to properly compare the two banks. I underwent a standardization process by calculating and comparing the proportion of votes for early voting and election day voting separately. Because the process was so dry and difficult, I was heavily criticized at the time, with some calling it 'wrapping conspiracy theories in complexity.' However, it was an academic procedure that I absolutely could not abandon to prove the undeniable truth of computational manipulation.

Dispelling the Myth of Conspiracy... Clarifying the Perpetrator, Method, and Route

ㅡFrankly speaking, after the 'follow the party' controversy, the narrative of election fraud became trapped in the frame of a grand 'conspiracy theory' in political circles. How do you respond to such criticism?

“Lee Jun-seok is a representative figure who claims election fraud is a conspiracy theory. His common argument is this: 'No one can explain who manipulated it, when, or how. They merely claim that the early voting data is unusual.' That's why it's a conspiracy theory.

I don't simply refute that criticism. Rather, that poignant point became the driving force that pushed me into deeper technical investigation. And the book that contains the perfect answer to that question is 'The Dandong Project' released this time.

ㅡSo, what is the answer to 'who, how, and through what route' revealed in this book?

“In this book, the perpetrator of the manipulation is not unknown. It is the 63 Research Institute under North Korea's Reconnaissance General Bureau, also known as 'Kimsuky.' This is an officially recognized fact stated in the security advisory jointly signed in 2023 by South Korea's National Intelligence Service (NIS), National Police Agency, Ministry of Foreign Affairs, and the US FBI, NSA, and Department of State.

The method is also not vague speculation. It is man-in-the-middle attacks and data mirroring that exploit specific vulnerabilities 'CVE-2018-10561' and 'CVE-2018-10562,' listed in the official database of the US National Institute of Standards and Technology (NIST).

The route of manipulation is also clear. It is a vast flow connected through , which is traced through corporate disclosure documents and government procurement records.

Ultimately, this book is not an assertion of vague suspicions, but a record of 'structural facts' that 'this structure has already been formed, the NIS has officially confirmed its dangers, and the National Election Commission (NEC) refused to fix it.'

At one point, I felt deep self-reproach and regret because I thought Representative Min Kyung-wook and other patriotic citizens were being labeled as conspiracy theorists because of me. That regret has become an inescapable responsibility that led me to uncover this specific structure.

Inside and outside the One Program Center in Dandong, China [Excerpt from the book]The June 3rd Election Incident and the Grand Deception of 'Electronic Voting'

ㅡRecently, the June 3rd election saw an unprecedented situation where voters were turned away due to a shortage of ballots. How do you diagnose this incident?

“I do not see this as a mere administrative error or mismanagement. Some are even making light of it, calling it an 'amateurish election fraud due to the absence of a control tower like Lee Hae-chan,' but its essence is far more serious. Lee Jae-myung, on the other hand, laughed it off, describing it as a 'lack of sensitivity to suffrage.' The very idea that the sacred right to vote is a matter of sensitivity is shocking. It is a statement that thoroughly disrespects and deceives the fundamental rights of voters.

I view this June 3rd election as an extension of hybrid warfare. Very unusual scenes unfolded consecutively in this election. The scene where Lee Jae-myung protested to election officials that only half the ballot stamp was applied, the situation where voters were turned away due to a lack of ballots, and the scene where a non-election official, surrounded by protestors, suggested electronic voting as a solution, stating, 'I can't do this anymore.'

It is particularly noteworthy that this official gave an exclusive interview to a foreign media outlet, the BBC, advocating for the introduction of electronic voting. An ordinary public official proposing the introduction of a specific system to a foreign media outlet without superior approval? This is impossible unless it's a pre-scripted scenario.

A 'Roadmap for Introducing a Blockchain Online Voting System' was already completed during the Moon Jae-in administration in 2018. I believe the series of chaotic events occurring at polling stations are precisely to build justification for the introduction of full-scale electronic voting. If electronic voting is introduced, issues with personnel mobilization, allegations of poor ballot management, and disputes over stamping errors would all superficially disappear. The election commission itself would be neutralized. This is why the Democratic Party demands investigations that could lead to the dissolution of the election commission, yet draws a line when it comes to allegations of early voting manipulation. They don't need early voting, but they absolutely need 'electronic voting.' We must not be deceived by this ploy.

A Vast Hacking Infrastructure Originating from the Banks of the Yalu River

ㅡWe are curious about the meaning of the book's title, 'The Dandong Project,' and why you compare it to the 'Manhattan Project,' humanity's first nuclear development plan.

“Dandong is a border city in Liaoning Province, China, facing Sinuiju in North Korea across the Yalu River. In 2001, the North-China joint 'One Program Center' was established in this city. Dandong is the starting point where the seeds of this entire brutal story were sown, the birthplace of the security vulnerabilities in South Korea's election system.

The comparison to the Manhattan Project is due to the similarity in their technical and political structures. It is absolutely not that the content is the same. To avoid misunderstanding, the directions are exactly opposite. While the Manhattan Project was a top-secret collaboration of scientists, politicians, and military personnel to protect the free world, the Dandong Project is a highly sophisticated secret project in which China, North Korea, and domestic leftist forces colluded to dismantle liberal democracy. And there is one more crucial difference: a nuclear bomb, when detonated, is known to the whole world, but computational hacking of elections goes unnoticed even when it occurs.

ㅡThe claim that North Korea's One Program Center is threatening South Korea's election system 20 years later might seem like a huge leap. Is there technical evidence?

“I also found it hard to believe when I first started tracing this connection. Therefore, this book excludes any speculation and is based strictly on official records. There are 364 footnotes (sources) in almost every paragraph on page 251 of the main text.

In the list of joint development projects that the One Program Center previously posted on its official website, 'DASAN WEB NMS Application and DASAN NETWORK equipment system' by Dasan Networks, a South Korean telecommunications equipment company, was clearly listed. The joint development of Dasan's telecommunications equipment system with North Korea's elite IT personnel is not speculation but a fact they themselves disclosed.

Opening ceremony of the One Program Center in August 2001 [Excerpt from the book]ㅡHow did that North Korean technology infiltrate South Korea's election network?

“According to the public bidding records on the government's Nara Market in 2019, Dasan Networks' equipment was extensively supplied to the NEC's dedicated election communication network through LG U+. And in 2023, the NIS officially announced after a security inspection of the NEC that it was 'in a state where manipulation of vote counting and tabulation from the outside is possible.' The security advisory jointly signed by six South Korean and US intelligence and security agencies officially confirmed that after the closure of the One Program Center, its personnel were reorganized into 'Kimsuky,' a hacking group under North Korea's Reconnaissance General Bureau.

The Election Network's Door Becomes 'Open Sesame'

ㅡCould you explain the security vulnerabilities 'CVE-2018-10561' and '10562' mentioned in the book in a way that the public can easily understand?

“GPON routers are large communication devices for public institutions that convert optical cable signals into data, acting as the 'front door' of a network. If this front door is breached, all internal data can be viewed, modified, and blocked.

To explain the CVE-2018-10561 vulnerability announced by the US National Institute of Standards and Technology (NIST) simply: this front door has a lock. By simply entering the specific string '?images/' at the end of the URL address bar of this device, the lock opens without a password or authentication process. It's like a cave door opening with the magic word 'Open Sesame.' When this is combined with the second vulnerability (10562), which allows arbitrary command injection, the gateway device of South Korea's election communication network can be completely controlled remotely.

ㅡThe NEC has always argued, 'The internal and external networks are strictly separated, making hacking impossible.'

“It means there is an open door in the communication path through which the vote count results are transmitted from the counting stations to the central NEC server. And someone can change the data through that door. The environment has been created where 'data transmission layer manipulation,' as exposed by the CEO of Smartmatic in Venezuela, is structurally possible in Korea, as officially confirmed by the NIS.

The network separation scenario is an effective defense mechanism when blocking attackers trying to enter through the normal front door. However, the NIST official vulnerabilities discussed in this book are not typical external hacks. It means that a 'secret door unknown to anyone' was already created internally. Until the hidden password is entered into the address bar, it appears as an ordinary wall to the eyes of a general security expert. But to the person who designed that password, it is a door that can be opened at any time. No matter how strongly the front door is locked with iron, if there is a secret passage behind the wall, the network separation defense is rendered powerless.

ㅡWhat part of the Korean election system corresponds to the 'data transmission layer' in the Venezuelan case?

“The manipulation method exposed by Antonio Mugica, CEO of Venezuela's Smartmatic, in 2017 is one of the core arguments of this book. He clearly stated that the manipulation did not occur within the voting machines themselves. Instead of tampering with the voting machines, the numbers are changed by seizing control of the 'data transmission layer' through which the vote count data is transmitted from the voting machines to the central server. That is why no trace of manipulation is found even if the voting machines are thoroughly inspected.

In South Korea's election system, that data transmission layer is the dedicated election communication network. This network was established in 2019 through a contract between the NEC and LG U+. LG U+'s LTE base stations use Huawei equipment, and Dasan Networks' GPON, switches, and routers are installed in the wired sections. And the backup operation of the NEC servers, where that data ultimately arrives, is managed by MDSTech, a subsidiary of the Dasan Group.

Huawei is a company for which British security agencies have reported the existence of backdoors in 55% of its equipment firmware. Dasan GPON equipment had inherent vulnerabilities CVE-2018-10561 and CVE-2018-10562. The Korean election communication network, with both of these devices installed, is structurally identical to the segment where manipulation occurred in Venezuela.

Photo of Huawei equipment supplied to LG U+ [Excerpt from the book]ㅡWhen the vulnerabilities discovered in the US were reported, how did the manufacturer, Dasan, respond?

“When the US NIST discovered the vulnerabilities, they immediately requested a security patch from Dasan. However, Dasan's response at the time was along the lines of, 'It is difficult to provide a self-patch as this product is an outdated model from 9 years ago, so users should take their own measures.' They left it unpatched and neglected it. Finally, in March 2022, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) directly issued a strong warning to all users worldwide, stating, 'Immediately discontinue the use of this product and unplug it immediately.'

According to NIST records, this product line was finally discontinued on March 31, 2022. This means that for a full four years, from the public disclosure of the vulnerability in 2018 to its discontinuation in 2022, the secret door to South Korea's election computer network remained open. And during those four years, we held the April 15, 2020 general election, and the US held its November 3rd presidential election.

ㅡWhat is the basis for the possibility that North Korean hackers were already aware of these vulnerabilities?

“We need to pay attention to Dasan's description of it as a '9-year-old outdated product.' Nine years prior to 2018 would be 2009. 2009 was a period when the One Program Center was most actively operating. This book's investigative findings indicate that North Korean personnel were directly involved in the OS, kernel structure, and encryption algorithm design of this equipment.

And there is decisive technical evidence. A 2013 Kaspersky report technically confirmed that the communication module and encryption library structure of the One Program Center software are almost identical to the Kimsuky malware. They are consistent, as if sharing the same template.

Furthermore, Kimsuky's operational hours are from 9 AM to 5 PM, and the discovered server IP addresses are all concentrated in Dandong, China. The One Program Center was closed in 2011, and Kimsuky began its active operations in 2012. Exactly one year later. The common judgment of security experts is that the person who participated in the design knows the weaknesses of that design best. The NIS has confirmed Kimsuky's hacking of the NEC.

The Shield of Independence and the Duty of Voters

ㅡDespite the NIS's extensive security warnings and official announcements, how should we interpret the NEC's firm refusal to undergo security inspections?

“The independence of the NEC, stipulated in Article 114 of the Constitution, is a sacred authority granted to protect the fairness of elections from political interference. However, the NEC has misused this independence as a massive shield to block even legitimate inspections by national security agencies.

Independence means working autonomously and responsibly, not an immunity that allows one to reign over South Korea's constitutional system and security network. President Yoon Suk-yeol also stated in a handwritten statement that 'all other national agencies agreed to the NIS security inspection, but only the NEC's refusal was firm.' Why did they so vehemently refuse the demand to fix vulnerabilities that threaten national security, and what were they trying to hide through that refusal? This book poses these questions to the readers.

ㅡHow do you respond to the voices opposing the abolition of early voting and the introduction of full manual vote counting?

“The convenience of voting and the reliability of the results are values that can never be traded off. No matter how high the participation rate reaches, exceeding 90%, if the results are manipulated numbers, how can we call that democracy? Venezuela, even under a dictatorial regime, had high voter turnout.

The fundamental risk of early voting lies in the 'Integrated Voter Registration System,' which operates in real-time to allow voting anywhere in the country. And the NIS has confirmed that this entire computer network can be manipulated. If the good intentions of a system are exploited as a channel for manipulation, it is appropriate to reconsider it entirely. To those who say manual vote counting is inconvenient and unrealistic, I ask: even if electronic counters sort the ballots first, why is it impossible to have an independent verification process where a person checks each ballot with their own eyes? It is not impossible; it is merely troublesome and inconvenient. Freedom is maintained by the price of enduring inconvenience.

ㅡFinally, what message would you like to convey to the readers who will encounter this book and the citizens of South Korea?

“As you close this book, there is only one question you should ask yourself: 'Is the precious vote I cast in the ballot box being honestly counted?' This is not a partisan issue of left or right, or ruling and opposition parties. Democracy's basic premise is to accept the results even if the candidate you support loses, provided the outcome was fair. This book aims to convey that this premise is crumbling.

The mainstream media remains silent. When the US Assistant Attorney General for the Civil Rights Division officially announced that 260,000 deceased individuals were found on the US voter registry, not a single line was reported by the domestic mainstream media. Instead of the silent media, the people themselves must become the medium that disseminates the truth.

Above all, you must keenly see through the grand deception of 'full-scale electronic voting adoption' that will unfold in the future. Even if early voting is abolished and the election commission is dissolved, the introduction of electronic voting will be the beginning of greater danger. The roots of the massive hacking that began in Dandong are deep and intricate. However, accurately knowing where those roots are embedded—that security awareness—will be the great beginning of protecting South Korea.