AntiSec leaks Symantec pcAnywhere source code after $50k extortion not paid

Symantec had said it would pay $50,000 to a group of hackers associated with Anonymous and AntiSec in order to keep its source code from being leaked online. This was part of a sting operation and email exchange between hackers and Symantec — except it was actually law enforcement posing as Symantec employee "Sam Thomas" and using a fake e-mail address. The deal went to hell in a hand basket, so now there's high drama on the high cyber seas as 1.27 GB of Symantec source code set sail into the wild from The Pirate Bay.


During an email exchange, now posted on Pastebin, about extorting $50,000 from security firm Symantec to keep its stolen source code from being leaked, hacker YamaTough wrote, "Say hi to the FBI." Then added, "It's funny you do not use your corp account anymore."

To which a supposed Symantec employee replied, "We are not in contact with the FBI. We are using this email account to protect our network from you....We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem."

YamaTough and the AntiSec hackers lost patience and gave Symantec "10 minutes to decide" before "two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar)." But "if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it."

The deal went down in flames after the fake Symantec employee asked for more time. Shortly thereafter, the supposed source code was on TPB.


According to Reuters, no money was paid during the sting operation. Symantec spokesman Cris Paden said, "The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation." Then Paden told SecurityWeek, "Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code. At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them."

Then Symantec confirmed to CNET:

"In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."

At first, Symantec had said the "segment of its source code" was not accessed from its network, but pointed the finger of blame at an unnamed third party where security was sloppy enough for it to be stolen. The code was allegedly five or six years old and only for a couple products. A group of hackers called The Lords of Dharmaraja claimed to have snatched the files from Indian military intelligence servers. That hacked memo also claimed that Apple, Nokia and RIM supply backdoors for government intercept.

But then, Symantec backtracked and admitted its network was hacked and its source code was jacked. Paden admitted the "source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, had been stolen." People who used pcAnywhere, software to remotely access and control a PC, faced "a slightly increased security risk."

A week later, Symantec almost gave its customers whiplash as it changed the pcAnywhere story again. The company warned, "At this time, Symantec recommends disabling the product until we release a final set of software updates that resolve currently known vulnerability risks." But wait, 'cause the ping-pong pile-up of company advice morphed once more when Symantec dropped the don't-use advice and instead gave a patched pcAnywhere the thumbs up and an all-clear to use. Although Symantec "also said it has not seen any real-world attacks that exploited the exposed vulnerabilities in pcAnywhere," there were grumblings in corners of cyberspace about whether or not the story that changed so many times could be trusted.

Meanwhile, the email negotiations were flying between hacker YamaTough and the feds posing as Symantec.
