Symantec held to ransom, pcAnywhere souce code leaked

by Steven Williamson on 7 February 2012, 09:27

Tags: Symantec (NASDAQ:SYMC)

Quick Link: HEXUS.net/qabccv

Add to My Vault: x

Security software maker Symantec Corp has confirmed it has been held to ransom by hackers claiming to be from Anonymous.

The hacker group allegedly demanded $50,000 in return for destroying the source code for Symantec's pcAnywhere product, which it had stolen in January. A conversation via email posted on Pastebin shows a string of demands from a person named Yamatough, claiming that he has the source code to a number of Symantec products.

Negotiations involving the source code reportedly began back in January and this week Symantec apparently agreed to send the money to Anonymous, but only if it could pay in monthly instalments. The hacker refused the offer saying "our offshore people won’t let us securely get the money because they won’t process amounts less than 50k a shot".

Late on Monday communication between Yamatough and Symantec broke down and the hacker gave the US company 10 minutes to agree to send the full amount of cash. "After that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar)," the hacker wrote.



After failing to meet the demands, the hacker claims to have posted the source code on well-known bittorrent site, Pirate Bay. As of last night a 1.2GB file named "Symantec's pcAnywhere Leaked Source Code" has apparently been available to download.

It turns out that the negotiation between the hacker and Symantec had been under investigation since January and was part of a sting operation to catch the hackers. In a statement to CNET, the company wrote:

In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

Symantec is the world’s largest maker of security software for computers and has a number of popular products under its belt, including Norton Anti-Virus and Norton Internet Security. It’s currently unknown if the hacker collective plans to release further source code.

The investigation continues.


HEXUS Forums :: 23 Comments

Login with Forum Account

Don't have an account? Register today!
The irony…
made me :lol:
This application is the least of their worries considering the rest of the Symantec arsenal of blue prints the hackers have.
Hmmm, I'm not sure I really understand where Anonymous are coming from anymore. Maybe I'm too young or too old to understand.

Like, I get them exposing security flaws and highlighting where peoples data isn't as safe as companies would like you to think. There should always be a group like that, testing these things. People get laidback otherwise and start cutting corners, as has been happening I think. It has the potential to make the internet a safer and securer place.

But holding companies to ransom?!? It's moving into the realms of internet terrorism to me. How long is it going to be before, the next time they hack a big database, they start holding peoples credit card information to ransom or even worse just post them up online for all the world to see/steal from?

Allow me to anticipate an arguement here. Yes, the company who originally held the data holds *some* responsibility. But once you've stolen data you're then responsible for what happens to it. If I find a gun lieing, unsecured, on the street, pick it up and shoot someone - accidently or otherwise - who is to blame? Me, or the person who left the gun there? Arguably, if the gun had never been left open for anyone to take, then maybe no one would have got shot. Equally, the moment I picked up the gun, I became responsible for what happens with it. While companies should be held to account for their security failings leading to a hack, Anonymous should be held to account for what they do with the data they steal!
Kirano
Hmmm, I'm not sure I really understand where Anonymous are coming from anymore. Maybe I'm too young or too old to understand.

Like, I get them exposing security flaws and highlighting where peoples data isn't as safe as companies would like you to think. There should always be a group like that, testing these things. People get laidback otherwise and start cutting corners, as has been happening I think. It has the potential to make the internet a safer and securer place.

But holding companies to ransom?!? It's moving into the realms of internet terrorism to me. How long is it going to be before, the next time they hack a big database, they start holding peoples credit card information to ransom or even worse just post them up online for all the world to see/steal from?

Allow me to anticipate an arguement here. Yes, the company who originally held the data holds *some* responsibility. But once you've stolen data you're then responsible for what happens to it. If I find a gun lieing, unsecured, on the street, pick it up and shoot someone - accidently or otherwise - who is to blame? Me, or the person who left the gun there? Arguably, if the gun had never been left open for anyone to take, then maybe no one would have got shot. Equally, the moment I picked up the gun, I became responsible for what happens with it. While companies should be held to account for their security failings leading to a hack, Anonymous should be held to account for what they do with the data they steal!

Well said. Couldn't agree more. Anonymous are now nothing more than a bunch of criminals.