Woah, read the timeline at the top of this. The fire happened the very day the government ordered onsite inspection was supposed to start due to Chinese/NK hacking.
Phrack's timeline may read like it, but it wasn't an onsite inspection due to hacking, but a scheduled maintenance to replace the overdue UPS, hence battery-touching involved. Even the image they linked just says "scheduled maintenance."
So right after the investigation was announced, they suddenly scheduled a UPS battery replacement which happened to start a fire big enough to destroy the entire data centre and all data or evidence?
Yeah, that's way less suspicious, thanks for clearing that up.
My mind initially went to a government cover-up, but then:
> 27th of September 2025, The fire is believed to have been caused while replacing Lithium-ion batteries. The batteries were manufactured by LG, the parent company of LG Uplus (the one that got hacked by the APT).
Could the battery firmware have been sabotaged by the hacker to start the fire?
replacing a UPS is usually done to right time pressures. the problem is, you can rarely de-energise UPS batteries before replacing them, you just need to be really careful when you do it.
Depending on the UPS, Bus bars can be a mother fucker to get on, and of they touch energised they tend to weld together.
With lead acid, its pretty bad (think molten metal and lots of acidic, toxic and explosive gas, with lithium, its just fire. lots of fire that is really really hard to put out.
Yeah, but the problem is that the batteries are still full of juice.
Obviously for rack based UPSs you'd "just" take out the UPS, or battery drawer, and replace somewhere more safe, or better yet, swap out the entire thing.
For more centralised UPSs that gets more difficult. The shitty old large UPSs were a bunch of cells bolted to a bus bar, and then onto the switchgear/concentraitor.
for Lithium, I would hope its proper electrical connectors, but you can never really tell.
They hacked the firmware of the UPSs inside e-corp to destroy all paper records. The steel mountain hack was messing with the climate controls using a raspi to destroy tape archives
UPS, check. Any kind of reasonable fire extinguisher, nah.
A Kakao datacenter fire took the de-facto national chat app offline not too many years ago. Imagine operating a service that was nearly ubiquitous in the state of California and not being able to survive one datacenter outage.
After reading the Phrack article, I don't know what to suspect, the typical IT disaster preparedness or the operators turning off the fire suppression main and ordering anyone in the room to evacuate to give a little UPS fire enough time to start going cabinet to cabinet.
If the theory "north korea hacked the UPS batteries to blow" is true, though, then it makes more sense why fire suppression wasn't able to kick in on time.
Such coincidences do happen. 20 years ago the plane which was carrying all the top brass of the Russian Black Sea Fleet as well as the Fleet’s accounting documentation for inspection to Moscow burst in flames and fell to the ground while trying to get airborne. Being loaded with fuel it immediately became one large infernal fireball. By some miracle no top brass suffered even minor burn/injury while all the accounting documentation burned completely.
Who has the incentive to do this, though? China/North Korea? Or someone in South Korea trying to cover up how bad they messed up? Does adding this additional mess on top mean they looked like they messed up less? (And for that to be true, how horrifically bad does the hack have to be?)
It might be different “they”s. Putting on my tinfoil hat, whoever was going to be in hot water over the hack burns it down and now the blame shifts from them to whoever manages G-drive and don’t have a backup plan.
Not saying I believe this (or even know enough to have an opinion), but it’s always important to not anthropomorphize a large organization. The government isn’t one person (even in totalitarian societies) but an organization that contains large numbers of people who may all have their own motivations.
If there was shady behavior, I doubt it’s about a cyber hack. More likely probably the current administration covering their tracks after their purges.
Alternate hypothesis: cloud storage provided doing the hard sell. Hahaha :)
> whoever was going to be in hot water over the hack burns it down and now the blame shifts from them to whoever manages G-drive and don’t have a backup plan.
LG is SK firm and manufacturer of hacked hardware and also the batteries that caught fire. Not sure it’s a solid theory just something I took note of while thinking the same
"NK hackers" reminds me "my homework was eaten by a dog". It's always NK hackers that steal data/crypto and there is absolutely no possibility to do something with it or restore the data, because you know they transfer the info on a hard disk and they shoot it with an AD! Like that general!
How do we know it's NK? Because there are comments in north-korean language, duh! Why are you asking, are you russian bot or smt??
Though this is far from the most important points of this article, why do even the article’s authors defend Proton after having their accounts suspended, and after having seemingly a Korean intelligence official warn them that they weren’t secure? Even if they’re perfectly secure they clearly do not have the moral compass people believe they have.
Ohh side note but this was the journalist group which was blocked by proton
The timing as well is very suspicious and I think that there can be a lot of discussion about this
Right now, I am wondering about the name most tbh which might seem silly but "APT down - The North Korean files"
It seems that APT means in this case advanced persistent threat but I am not sure what they mean by Apt Down, like the fact that it got shut down by their journalism or-? I am sorry if this may seem naive and on a serious note this raises so many questions...
> 27th of September 2025, The fire is believed to have been caused while replacing Lithium-ion batteries. The batteries were manufactured by LG, the parent company of LG Uplus (the one that got hacked by the APT).
Witness A said, “It appears that the fire started when a spark flew during the process of replacing the uninterruptible power supply,” and added, “Firefighters are currently out there putting out the fire. I hope that this does not lead to any disruption to the national intelligence network, including the government’s 24 channel.”[1]
I’m no expert but traditional lead acid battery UPS are typically at the bottom of the rack due to weight and concern about leakage. Wouldn’t surprise me if li-ion UPS go at the bottom as well. In that case if uncontrolled it seems pretty easy to torch an entire rack.
96 servers isn’t that many, probably less than 10 racks and given the state of the backups it would track that they didn’t spring for halon.
Lithium ion batteries provide their own oxidiser, removing oxygen won't put them out (though it will probably help stop the fire from spreading). The only thing that kinda helps is removing the heat (with cold C02 or water, the latter not great for an electrical fire and the former only good for pretty small fires), but that's only a temporary fix usually. Ultimately a lithium battery fire has got to burn itself out.
As the other commenter said, Halon hasn't been a thing for a fair while, but inert gas fire suppression systems in general are still popular.
I would expect it wouldn't be sufficient for a lithium ion battery fire - you'd temporarily displace the oxygen, sure, but the conditions for fire would still exist - as soon as enough nitrogen (or whatever suppressant gas is in use) dissipates, it'd start back up again.
Also as I understand thermal runaway is self-sustaining, since the lithium ion batteries have a limited capacity to provide their own oxygen (something to do with the cathode breaking down?), so it might continue burning even while the area is mostly flooded with inert gas.
I believe it would be similar to an EV car fire, that is, you'd have to flood the area with water and wait for it to cool down enough that thermal runaway stops. Maybe they can do better these days with encapsulating agents but I'd still expect the rack housing the UPS to be a write-off.
> I would expect it wouldn't be sufficient for a lithium ion battery fire - you'd temporarily displace the oxygen
(Edit: sorry, in hindsight it's obvious the comment I'm replying to was referring to inert gas systems, and not halogenated systems)
Halon and friends don't work through an oxygen displacement mechanism, their fire suppression effects are primarily due to how the halogen moieties interfere with the decomposition of other substances in the flame. IIRC, A key mechanism is the formation of hydrogen(!) from hydrogen radicals.
Apparently if the calibration is correct, halon can de deployed in a space to suppress a fire without posing as asphyxiation risk.
They were not tested enough for that. From chemical POV the fluorine in halon can even exothermically react with lithium, like teflon can with aluminium. But all depends on circumstances, it needs high temperatures and the lithium concentration in batteries is low.
I'm not sure about South Korea, but in the U.S., halon started to be phased out in 1994 due to its ozone-depleting characteristics. I believe new facilities use CO2.
I'm guessing lithium-ion batteries were not a factor years ago when those decisions were made.
For more context, the name derives from "phone hacking" or phreacking. You got your legends like Captain Crunch and many of you big tech players were into this stuff when they were younger, such as Woz
This was also often tied to a big counter culture movement. Which one interesting thing is that many of those people now define the culture. I guess not too unlike how many hippies changed when they grew up
Not sure why people downvoted you as I actually read the wikipedia and learnt a lot about phrack and how their name is sort of inspired by "phreaking,anarchy and cracking" and I think thus the name ph-ra-ck.
