Hackers tried to extort $50000 from Symantec to keep source code private

pcAnywhere software enables remote access between host and remote computers

(CBS) - Hackers related to the group Anonymous recently attempted to extort $50,000 from the security software company Symantec. The hostage in question was the source code for Symantec's software pcAnywhere and Norton Antivirus.

Symantec has confirmed that the code is legitimate and was stolen during a 2006 breach of its network.

An e-mail exchange of negotiations between the authorities and the hackers, who are calling themselves Yamatough or Lords of Dhjarmaraha, was recently posted on the site PasteBin.

"We give you 10 minutes to decide which way you go after that two of your codes fly to the moon pcAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START," Yamatough said in an email.

A supposed Symantec employee named Sam Thomas responded to Yamatough, offering cash in exchange for the source code's privacy.

"We will pay you $50,000.00 USD total," Thomas said in an e-mail. "However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain."

CNET obtained this statement from Symantec:

"In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."

Several exchanges went back and forth between the two parties to negotiate cash amount and payment method. But, the kicker was when Yamatough asked Symantec to trust their word that the source code would not leak once payment was made.

"What are the guarantees that we won't come back for more? NONE of course, you have to trust us on this one, if we were really bad guys we would have already released or sold your code at the time of exchanging emails with you," said Yamatough. "We assure you we are man of honor we keep our promise."

Ultimately, the deal was not completed. After communication fell off between the two parties, the hackers took to Twitter for the second act of the drama.

"All the Symantec source codes are now on sale! PcAnywhere, System Works, Internet Security and Norton GoBack with Utilities," @Yamatough tweeted.

Now, all of the parties are claiming it was just a big joke and the source code will be released after all. "Symantec got trolled. Code was always set for public release since beginning," @AnonymousIRC tweeted.

According to a tweet at 5:47 a.m. EST, Yamatough will release the source code to the Norton Anti-virus software.

"NAV release coming in 7 hours," @Yamatough tweeted.

If your head is spinning, you're not the only one. All of these dramatics are just a big joke for these hackers, but they fail to realize that Symantec isn't a faceless corporation.

Software engineers worked long hours for years to write that code. Releasing their work into the public is like stealing the hours these men and women spent away from family and friends - to write anti-virus software. Ask them, Yamatough, and I'm sure they'll tell you it's not a joke.


Symantec released this statement this afternoon:

Symantec can confirm that the source code for pcAnywhere has been posted publicly. It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to possess over the last few weeks.

Symantec was prepared for the code to be posted at some point, and has developed and distributed a series of patches since Jan. 23rd to protect our users against known vulnerabilities. We have been conducting direct outreach to our customers since Jan. 23rd to reiterate that in addition to applying all relevant patches that have been released, customers should also ensure that pcAnywhere version 12.5 is installed, and follow general security best practices.

If customers are unable to adhere to this guidance and have not installed the latest version with current patches, we recommend that they contact pcanywhere@symantec.com for additional assistance.

On Monday, January 23, 2012, Symantec released a patch that eliminates known vulnerabilities affecting customers using pcAnywhere 12.5. On Friday, January 27, 2012, Symantec released a patch that eliminates known vulnerabilities affecting customers using pcAnywhere 12.0 and pcAnywhere 12.1.

We anticipate that Anonymous will post the rest of the code they have claimed to have in their possession. So far, they have posted code for the 2006 versions of Norton Utilities and pcAnywhere. We also anticipate that at some point, they will post the code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products.