‘Anonymous’ hackers release source code despite Symantec offering $50,000 to prevent the leak
Members of the Anonymous hacking group claim to have released the source code for Symantec’s pcAnywhere product, which Symantec has admitted was obtained as the result of a 2006 security breach.
The code was released on file-sharing website The Pirate Bay along with a message reading: “Symantec has been lying to its customers. We exposed this point thus spreading the world that ppl need.” Symantec said it was aware of the release and is in the process of analysing the code to determine whether it is genuine.
On Monday hackers released transcripts of an email exchange in which Symantec apparently offered to pay $50,000 (£31,500), in order to prevent the code from being released.
The exchange, which began in January and continued for several weeks, ended with both sides unable to reach an agreement and with hackers giving Symantec a deadline after which they promised to release the source code.
Symantec confirmed to TechWeekEurope that the email exchange is genuine, but said it was part of an ongoing criminal investigation into the 2006 hack.
“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation,” Symantec stated. “Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.”
In the email exchange, an Anonymous hacker using the handle Yamatough and an individual called Sam Thomas, claiming to be a Symantec employee, negotiated over how the payment might be made and how Anonymous could assure Symantec that the code would not be released after receiving the funds.
In one email, Thomas wrote: “We will pay you $50,000.00 USD total. However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.”
Yamatough demanded that payments be made via a payment processor called Liberty Reserve, but Thomas said that the process of getting the necessary approvals was taking longer than expected.
“You know how the corporate environment works and we have to treat this like a business transaction,” he wrote in one email.
As the negotiations continued, Yamatough accused Thomas, who used a Gmail email account, of working with the FBI and warned against any efforts to trace his emails.
“Say hi to FBI agents, It’s funny you do not use your corp account anymore =) We wonder why is that be that way? =),” Yamatough wrote in one email. Thomas responded: “We are not in contact with the FBI.”
In his final email Yamatough gave Thomas an ultimatum: “We give you 10 minutes to decide which way you go after that two of your codes fly to the moon.” Thomas responded that the company needed more time, ending the email chain.
Last month, Symantec admitted that thieves had breached its servers and stolen the source code for a number of its security products, despite previous claims to the contrary. The company claimed that it had denied a breach because it was not aware any breach had taken place.
Symantec admitted that source code was stolen during an attack against its own servers back in 2006. Source code for “2006-era versions” of Norton Antivirus Corporate Edition, Norton Internet Security, pcAnywhere and Norton SystemWorks, which include Norton Utilities and Norton GoBack, a Symantec spokesperson said.
Symantec’s revelation came after a Twitter user Yama Tough, a member of hacking group Lord of Dharmaraja, who identifies with Anonymous, threatened to leak the source code for Norton Utilities on 13 January to “accompany” a class-action lawsuit that was filed recently against Symantec in California.
The lawsuit accused Symantec of using scareware tactics to bully users into buying its products and claimed the company allegedly distributed a trial version of its security products, which used a separate software scanner to alert users to nonexistent problems.
These tactics are used by fake antivirus and other scareware programs to trick users into buying products that do not work.