SKorean police: Hackers extracted data in attacks

Jul 14, 2009 By JAE-SOON CHANG , Associated Press Writer
Employees of AhnLab Inc. work at Security Operation Center in Seoul, South Korea, Friday, July 10, 2009. South Korea's spy agency told lawmakers that the cyber attacks that caused a wave of Web site outages in the U.S. and South Korea were carried out by using 86 IP addresses in 16 countries, amid suspicions North Korea is behind the effort. (AP Photo/Lee Jin-man)

(AP) -- Hackers extracted lists of files from computers that they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police in Seoul said Tuesday.

The attacks, in which floods of computers tried to connect to a single at the same time to overwhelm the server, caused outages on prominent government-run sites in both countries.

The finding means that hackers not only used affected computers for Web attacks, but also attempted to steal information from them. That adds to concern that contaminated computers were ordered to damage their own hard disks or files after the Web assaults.

Still, the new finding does not mean information was stolen from attacked Web sites, such as those of the White House and South Korea's presidential Blue House, police said. It also does not address suspicions about North Korea's involvement, they said.

Police reached those conclusions after studying a malicious code in an analysis of about two dozen computers - a sample of the tens of thousands of computers that were infected with the virus that triggered the attacks, said An Chan-soo, a senior police officer investigating the cyberattacks. The officer said that only lists of files were extracted, not files themselves.

"It's like hackers taking a look inside the computers," An said. "We're trying to figure out why they did this."

Extracted file lists were sent to 416 computers in 59 countries, 15 of them in . Police have found some file lists in 12 receiver computers and are trying to determine whether hackers broke into those systems and stole the lists, An said.

Investigators have yet to identify the or determine for sure where they operated from. Dozens of high-profile U.S. and South Korean Web sites were targeted.

There have been no new Web attacks since the last wave launched Thursday evening.

South Korea's , the National Intelligence Service, lowered the country's cyberattack alert Monday as affected Web sites returned to normal.

is suspected of involvement. The spy agency told lawmakers last week that a North Korean military research institute had been ordered to destroy the South's communications networks, local media reported.

The agency said in a statement Saturday that it has "various evidence" of North Korean involvement, but cautioned it has yet to reach a final conclusion.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Twitter rules out Turkey office amid tax row

add to favorites email to friend print save as pdf

Related Stories

SKorea says attackers use IP address in 16 nations

Jul 10, 2009

(AP) -- Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers Friday, amid suspicions North Korea was ...

White House among targets of sweeping cyber attack

Jul 08, 2009

(AP) -- The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the ...

SKorea and US forge deal to fight cyber attacks

May 04, 2009

South Korea and the United States have agreed to cooperate in fighting cyber attacks against their defence networks from countries including China and North Korea, officials said Monday.

Tech 101: How a denial-of-service attack works

Jul 08, 2009

(AP) -- Investigators are piecing together details about one of the most aggressive computer attacks in recent memory - a powerful "denial-of-service" assault that overwhelmed computers at U.S. and South Korean ...

Recommended for you

Twitter rules out Turkey office amid tax row

16 hours ago

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

19 hours ago

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Simplicity is key to co-operative robots

A way of making hundreds—or even thousands—of tiny robots cluster to carry out tasks without using any memory or processing power has been developed by engineers at the University of Sheffield, UK.

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

New clinical trial launched for advance lung cancer

Cancer Research UK is partnering with pharmaceutical companies AstraZeneca and Pfizer to create a pioneering clinical trial for patients with advanced lung cancer – marking a new era of research into personalised medicines ...

More vets turn to prosthetics to help legless pets

A 9-month-old boxer pup named Duncan barreled down a beach in Oregon, running full tilt on soft sand into YouTube history and showing more than 4 million viewers that he can revel in a good romp despite lacking ...