SKorean police: Hackers extracted data in attacks

Jul 14, 2009 By JAE-SOON CHANG , Associated Press Writer
Employees of AhnLab Inc. work at Security Operation Center in Seoul, South Korea, Friday, July 10, 2009. South Korea's spy agency told lawmakers that the cyber attacks that caused a wave of Web site outages in the U.S. and South Korea were carried out by using 86 IP addresses in 16 countries, amid suspicions North Korea is behind the effort. (AP Photo/Lee Jin-man)

(AP) -- Hackers extracted lists of files from computers that they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police in Seoul said Tuesday.

The attacks, in which floods of computers tried to connect to a single at the same time to overwhelm the server, caused outages on prominent government-run sites in both countries.

The finding means that hackers not only used affected computers for Web attacks, but also attempted to steal information from them. That adds to concern that contaminated computers were ordered to damage their own hard disks or files after the Web assaults.

Still, the new finding does not mean information was stolen from attacked Web sites, such as those of the White House and South Korea's presidential Blue House, police said. It also does not address suspicions about North Korea's involvement, they said.

Police reached those conclusions after studying a malicious code in an analysis of about two dozen computers - a sample of the tens of thousands of computers that were infected with the virus that triggered the attacks, said An Chan-soo, a senior police officer investigating the cyberattacks. The officer said that only lists of files were extracted, not files themselves.

"It's like hackers taking a look inside the computers," An said. "We're trying to figure out why they did this."

Extracted file lists were sent to 416 computers in 59 countries, 15 of them in . Police have found some file lists in 12 receiver computers and are trying to determine whether hackers broke into those systems and stole the lists, An said.

Investigators have yet to identify the or determine for sure where they operated from. Dozens of high-profile U.S. and South Korean Web sites were targeted.

There have been no new Web attacks since the last wave launched Thursday evening.

South Korea's , the National Intelligence Service, lowered the country's cyberattack alert Monday as affected Web sites returned to normal.

is suspected of involvement. The spy agency told lawmakers last week that a North Korean military research institute had been ordered to destroy the South's communications networks, local media reported.

The agency said in a statement Saturday that it has "various evidence" of North Korean involvement, but cautioned it has yet to reach a final conclusion.

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: US warns shops to watch for customer data hacking

add to favorites email to friend print save as pdf

Related Stories

SKorea says attackers use IP address in 16 nations

Jul 10, 2009

(AP) -- Cyber attacks that caused a wave of Web site outages in the U.S. and South Korea used 86 IP addresses in 16 countries, South Korea's spy agency told lawmakers Friday, amid suspicions North Korea was ...

White House among targets of sweeping cyber attack

Jul 08, 2009

(AP) -- The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the ...

SKorea and US forge deal to fight cyber attacks

May 04, 2009

South Korea and the United States have agreed to cooperate in fighting cyber attacks against their defence networks from countries including China and North Korea, officials said Monday.

Tech 101: How a denial-of-service attack works

Jul 08, 2009

(AP) -- Investigators are piecing together details about one of the most aggressive computer attacks in recent memory - a powerful "denial-of-service" assault that overwhelmed computers at U.S. and South Korean ...

Recommended for you

Study: Social media users shy away from opinions

18 hours ago

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0