JAE-SOON CHANG, AP Writer
SEOUL, South Korea (AP) -- Hackers extracted files from computers they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police said Tuesday, a sign that they tried to steal information from the victims.
The attacks, in which floods of computers tried to connect to a single Web site at the same time to overwhelm the server, caused outages on prominent government-run sites in both countries.
The finding adds to concern that contaminated computers were ordered to damage their own hard disks or files after the Web assaults.
Still, the new finding does not mean information was stolen from attacked Web sites, such as those of the White House and South Korea's presidential Blue House, police said. It also does not address suspicions about North Korea's involvement, they said.
Police reached those conclusions after studying a malicious computer code in an analysis of about two dozen computers — a sample of the tens of thousands of computers that were infected with the virus that triggered the attacks, said An Chan-soo, a senior police officer investigating the cyberattacks. The officer said only lists of files were extracted, not the files themselves.
"It's like hackers taking a look inside the computers," An said. "We're trying to figure out why they did this." Extracted file lists were sent to 416 computers in 59 countries, 15 of them in South Korea. Police have found some file lists in 12 receiver computers and are trying to determine whether hackers broke into those systems and stole the lists, An said.
Investigators have yet to identify the hackers or determine for sure where they operated from. Dozens of high-profile U.S. and South Korean Web sites were targeted.