A report from South Korean police today said that hackers actually extracted data during last week's cyber attacks. The data was stolen from computers that were infected by a virus triggering four waves of DDoS attacks on U.S. and South Korean government and business websites.
Last Friday it was also believed that the viruses on the infected computers would self-destruct and either format the host hard drive or encrypt the drive's data, covering their tracks. However, the South Korean police said that the assaulted websites did not suffer data loss.
An Chan-Soo, a senior police officer investigating the cyber attacks, said that the South Korean police came to this conclusion after analyzing the malicious code found on around twenty-four infected computers. The good news is that the hackers only retrieved lists of files, not the actual files stored on the hard drive. "It's like hackers taking a look inside the computers," he said. "We're trying to figure out why they did this."
He also added that the extracted files were actually sent to 416 computers in 59 countries, 15 of which were located within South Korea. Some lists were discovered in 12 receiver computers, and the police are now trying to verify if the hackers broke into those PCs and stole the lists. Currently the hackers remain unidentified, and their base of operations undetermined.
Although another wave was expected to hit personal PCs on Friday, no additional waves of DDoS attacks have taken place since Thursday. As of Monday morning, South Korea's spy service, the National Intelligence Services (NIS), lowered the country's cyber attack alert. The NIS said Saturday that it has "various evidence" pointing to North Korea's involvement; however, the spy agency also said that it had not come to a final conclusion.
The Korea Communications Commission reported earlier today that it has blocked another IP address in Britain based on information given by a Vietnamese antivirus firm. The IP address was used in last week's attacks.