SEOUL, South Korea – South Korean police are analyzing a sample of the tens of thousands of infected computers used to crash Web sites in South Korea and the U.S., but conceded Sunday they may not lead to the culprit.
South Korean intelligence officials suspect archrival North Korea was involved. South Korea's spy agency told lawmakers last week that a North Korean military research institute had been ordered to destroy the South's communications networks, local media reported.
An Chan-soo, a senior police officer investigating the cyberattacks, said Sunday that investigators had obtained 27 computers infected with malicious computer code, known as malware, in an attempt to trace the "contamination paths" of the programs that launched the attacks.
Such programs can give hackers remote access to computers without the owners' knowledge.
An gave no details about who the computers belonged to, other than that they were from South Korean individuals. He said South Korea is also seeking to obtain hard disks and other information on six foreign servers whose files update malware programs.
An did not say where the foreign servers were located.
The so-called denial-of-service attacks, in which floods of computers try to connect to a single site at the same time to overwhelm the server, targeted high-profile Web sites, including those of the White House and South Korea's presidential Blue House.
The state-run Korea Communications Commission has said that tens of thousands of computers were infected. The commission says it has identified and blocked five Internet Protocol, or IP, addresses in five countries used to distribute computer viruses that caused the wave of Web site outages, which began in the U.S. on July 4.
They were in Austria, Georgia, Germany, South Korea and the U.S., a commission official said. He spoke on condition of anonymity because he is not authorized to speak to the media on the record.
The identity of the IP addresses themselves, however, provides little in the way of clarity. It is likely the hackers used the addresses to disguise themselves — for instance, by accessing the computers from a remote location. IP addresses can also be faked or masked, hiding their true location.
The assaults appear to be on the wane. No new similar cyberattacks have been reported in South Korea since Friday evening, the commission said.