Related News

Home » World

Hackers tried to steal information, Seoul police say

HACKERS extracted lists of files from computers they contaminated with the virus that triggered cyber attacks last week in the United States and South Korea, police in Seoul said yesterday.

The attacks, in which floods of computers tried to connect to a single Website at the same time to overwhelm the server, caused outages on prominent government-run sites in both countries.

The finding means that hackers not only used affected computers for Web attacks, but also attempted to steal information from them. That adds to concern that contaminated computers were ordered to damage their own hard disks or files after the Web assaults.

Still, the new finding does not mean information was stolen from attacked Websites, such as those of the White House and South Korea's presidential Blue House, police said. It also does not address suspicions about North Korea's involvement.

Police reached those conclusions after studying a malicious computer code in an analysis of about two dozen computers - a sample of the tens of thousands of that were infected with the virus that triggered the attacks, said An Chan-soo, a senior police officer investigating the cyber attacks. The officer said only lists of files were extracted, not the files themselves.

"It's like hackers taking a look inside the computers," An said. "We're trying to figure out why they did this."

Extracted file lists were sent to 416 computers in 59 countries, 15 of them in South Korea. Police have found some file lists in 12 receiver computers and are trying to determine whether hackers broke into those systems and stole the lists, An said.

Investigators have yet to identify the hackers or determine where they operated from. Dozens of high-profile US and South Korean Websites were targeted.

There have been no new Web attacks since the last wave was launched on Thursday.

South Korea's spy agency, the National Intelligence Service, lowered the country's cyber attack alert on Monday as affected Websites returned to normal.

The agency's National Cyber Security Center told ruling party lawmakers yesterday that the attacks were presumed to have been either a practice run or of a preliminary nature.

Calls to the ruling party spokesman were not answered. The National Cyber Security Center declined to comment.

North Korea is suspected of involvement. The spy agency told lawmakers last week that a North Korean military research institute had been ordered to destroy the South's communication networks, local media reported.


Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.

沪公网安备 31010602000204号

Email this to your friend