What's new

Hackers release Symantec source code after extortion attempt fails

Hu Jintao

FULL MEMBER

New Recruit

Joined
Jan 30, 2012
Messages
85
Reaction score
0
Hackers that claim to have stolen the source code of Symantec's pcAnywhere software have attempted to extort $50,000 from the anti-virus firm, in exchange for keeping the code offline.

However, after negotiations broke down, the group uploaded the source code to The Pirate Bay. It has also released a log of the email exchange with Symantec -- but the virus-hunting firm has said that the emails were a sting operation, with law enforcement officials posing as a Symantec employee.

The email exchange is from January 2012 and kicks off with a hacker called YamaTough -- spokesperson of Indian hacker group Lords of Dharmaraja, which is affiliated with Anonymous' Op AntiSec. He's talking to a Symantec "employee" named Sam Thomas -- actually a law official, says Symantec.

At first, Thomas wants assurances that the hackers actually have their code. Thomas suggests uploading it using FTP. Yama thinks this is a trick -- "If you are trying to trace with the FTP trick it's just worthless," he says. "If we detect any malevolent tracing action we cancel the deal."

Yama threatens the anti-virus firm. "We have many people who are willing to get your code. Don't **** with us."

The hacker asks Symantec to name a price. "How much do you consider enough to pay us in order to work all the issues out?" Stalling, Symantec asks how the money transfer will be made. Yama suggests payment processor Liberty Reserve, though "wire transfer to a bank account in Lithuania or Latvia is also an option."

"What assurances can you provide that once we pay, you will actually destroy the code and not ask for more money?," Thomas asks. "None of course," Yama bites back. "If we were really bad guys we would have already released or sold your code."

Symantec tries to make a smaller payment of $1,000 through PayPal to keep the hacker happy. Yama says no: "we can wait till we agree on final amount." So Thomas comes back with his final offer: "We will pay you $50,000.00 USD total." That's about £32,000.

The security software outfit suggests paying $2,500 a month for the first three months. If Symantec is convinced that the hackers have destroyed the code, and make a public statement to say that the hack was all a lie, the firm will pay over the rest.

Not good enough, says Yama. "I am afraid we have to cancel the whole deal because our offshore people wont let us securely get the money because they wont process amounts less than 50k a shot."

Yama has noticed that Mr. Symantec has stopped using his "@symantec.com" email address, and has adopted a Google Mail address. "Say hi to FBI agents," Yama says, perhaps twigging that this is a sting operation. "We are not in contact with the FBI," Thomas assures the hacker.

With negotiations breaking down, Yama says "we give you 10 minutes to decide which way you go or the two of your codes fly to the moon -- pcAnywhere and Norton Antivirus."

"We can't make a decision in ten minutes," says Thomas. "We need more time." The hacker group then proceeded to release a 1.27GB file as a torrent.

Symantec has said the version of the source code in the hacker's possession was from 2006, and no longer posed a threat to its customers even if the source code was released. After the hack was made public in January, the firm instructed its pcAnywhere users to disable the product but it later declared it safe to use after offering free upgrades.

As for the hacker, YamaTough said he never intended to take the money. "We tricked them into offering us a bribe so we could humiliate them," the plucky young hacker told Reuters.

http://www.wired.co.uk/news/archive/2012-02/07/thrilling-symantec-hack-extortion
 
. .
LInk to news or this will be deleted.
 
. .
'Mumbai-based' hacker releases Symantec source code

A hacker released the source code for antivirus firm Symantec's pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

The release followed failed email negotiations over a $50,000 payout to the hacker calling himself YamaTough to destroy the code.

The email thread was published on Monday, but the hacker and the company said their participation had been a ruse. YamaTough said he was always going to publish the code, while Symantec said law enforcement had been directing its side of the talks.

The negotiations also might have bought Symantec time while it issued fixes to the pcAnywhere program, which allows customers to access their desktop machines from another location.

"Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since January 23rd to protect our users against known vulnerabilities," said company spokesman Cris Paden.

Symantec had taken the extraordinary step of asking customers to stop using the software temporarily until it readied the patches. It issued fixes for "known vulnerabilities" in version 12.5 of the software on January 23 and fixes for versions 12.0 and 12.1 on Friday January 27.

Paden said that Symantec had contacted its customers and that it had not lost any customers. He said that if they were running up-to-date, patched versions they should not face increased risk.

Symantec also expects hackers to release other source code in their possession, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. "As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any disclosure," Paden said.

The emails over the $50,000 payoff was widely circulated, with some mocking the world's largest standalone security company for its apparent attempt to buy protection.

But the company said the emails were in fact between the hacker and law enforcement officials posing as a Symantec employee.

"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation," Paden said, adding that no money was paid.

Paden declined to name the law enforcement agency, saying it could compromise the investigation.

Symantec had previously confirmed the hacker, part of a group called Lords of Dharmaraja and affiliated with Anonymous, was in possession of source code for its products, obtained in a 2006 breach of the company's networks.

The email exchange released by the hacker, who claims to be based in Mumbai, India, shows drawn-out negotiations with a purported Symantec employee starting on January 18.

The email negotiations echoed conversations in past years, viewed by Reuters, in which police agencies directed talks between victims and hackers.

"We can't pay you $50,000 at once for the reasons we discussed previously," said one email from a purported Symantec employee Sam Thomas, who offered to pay the full amount at a later date.

"In exchange, you will make a public statement on behalf of your group that you lied about the hack."

A common tactic of the FBI and others investigating extortionists and kidnappers is to seek to break down the amount of money sought by the suspects into multiple smaller payments.

This stretches out the negotiation, giving authorities more insight into the suspect and more time in which to make an arrest. It also lessens the risk to any victim inclined to pay the entire amount demanded.

Most important, it creates more transactions, each one of which provides a trail of records and human beings that can be traced as the police seek their quarry.

The hacker said he never intended to take the money.

"We tricked them into offering us a bribe so we could humiliate them," YamaTough told Reuters.

In recent weeks, the hacker has posted segments of code for Norton Utilities and other programs. A software maker's intellectual property, specifically its source code, is its most precious asset.

Symantec's Norton Internet Security is among the most popular software available to stop viruses, spyware, and online identity theft.
'Mumbai-based' hacker releases Symantec source code - The Times of India
 
. .
Myeah, and it took them almost 6 years to find out that the pcanywhere source code got stolen. This coming from a company making security software.Lool.

Anyhow, they released a security patch for Pcanywhere to take care of this problem, if you update it should be ok.

Since we're talking about pcanywhere, I heard some rumor about an audials anywhere program. It's supposed to be a personal media cloud that lets you access your files anywhere, invite friends to browse, download and stream your media collection and anyhting like that, if I am not mistaking.

So I was just wondering if that audials anywhere program is related to pcanywhere, got any idea?
 
.

Pakistan Defence Latest Posts

Back
Top Bottom