Last Week's Cyber Attacks Exposed Data
Source: Tom's Guide US | Keywords: Cyber, Attacks, Data, Korea, Virus | Themes: The Internet
According to Korean police, hackers retrieved data during last week's attacks.
A report from South Korean police today said that hackers actually extracted data during last week's cyber attacks. The data was stolen from computers that were infected by a virus triggering four waves of DDoS attacks on U.S. and South Korean government and business websites.
Last Friday it was also believed that the viruses on the infected computers would self-destruct and either format the host hard drive, or encrypt the drive's data, covering its tracks. However, the South Korean police said that the assaulted websites did not suffer data loss.
An Chan-Soo, a senior police officer investigating the cyber attacks, said that the South Korean police came to this conclusion after analyzing the malicious code found on around twenty four infected computers. The good news is that the hackers only retrieved lists of files, not the actual files stored on the hard drive. "It's like hackers taking a look inside the computers," he said. "We're trying to figure out why they did this."
He also added that the extracted files were actually sent to 416 computers in 59 countries, 15 of which were located within South Korea. Some lists were discovered in 12 receiver computers, and the police are now trying to verify if the hackers broke into those PCs and stole the lists. Currently the hackers remain unidentified, and their base of operations undetermined.
Although another wave was expected to hit personal PCs on Friday, no additional waves of DDoS attacks have taken place since Thursday. As of Monday morning, South Korea's spy service, the National Intelligence Services (NIS), lowered the country's cyber attack alert. The NIS said Saturday that it has "various evidence" pointing to North Korea's involvement, however the spy agency also said that it had not come to a final conclusion.
The Korea Communications Commission reported earlier today that it has blocked another IP address in Britain based on information given by a Vietnamese antivirus firm. The IP address was used in last week's attacks.
-
Previous News Article
IBM Masking Technology Hides Data -
Next News Article
UFC Blacklisting Fighters...
South Korea says this. South Korea says that. South Korea wants the US to hit the North with a baseball bat.
God this is sounding like a Mission Impossible movie.
Save the LIST!
So, since according to other websites, the main server used for the attack was located in the UK, can we just assume that the US always blames it's "enemies" for everything? The "axis of evil" hasn't done a damn thing to us TBH.
This cannot be the work of North Korea. They are still using Commodore Vic 20's with Vic Modems.
were they Crysis files?
Why would hackers want to look on a file list?? To get a better target so they can, next time, download any file they want on the target.. What else?
Gee, I guess I offended one North Korean out there. Or maybe you are just too dumb to know what a Vic 20 is. Either way, piss off.
yawn....
No one should jump to conclusions...we have no idea who is really doing this but i have a slight feeling its pointing at N. Korea...not just based on the news, but a hunch. They could be just looking for something specific and did not find it yet...
What's the point, South Korea probably isn't even nuclear armed. Seems like the North would be just wasting time doing this stuff.