What's new

Indian Hacker Steals Symantec Code.

somebozo

ELITE MEMBER
Joined
Jul 11, 2010
Messages
18,872
Reaction score
-4
Country
Pakistan
Location
Saudi Arabia
Looks like a disgruntled outsourcing employee



Hacker releases Symantec source code
Hacker releases Symantec source code - Arab News

By REUTERS
Published: Feb 8, 2012 13:40 Updated: Feb 8, 2012 13:40

NEW YORK: A hacker has released the source code for antivirus firm Symantec's pcAnywhere utility, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

NEW YORK: A hacker has released the source code for antivirus firm Symantec's pcAnywhere utility, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

The release followed failed email negotiations over a $50,000 payout to the hacker calling himself YamaTough to destroy the code.

The email thread was published on Monday, but the hacker and the company said their participation had been a ruse. YamaTough said he was always going to publish the code, while Symantec said law enforcement had been directing its side of the talks.

The negotiations also might have bought Symantec time while it issued fixes to the pcAnywhere program, which allows customers to access their desktop machines from another location.

"Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since January 23rd to protect our users against known vulnerabilities," said company spokesman Cris Paden.

Symantec had taken the extraordinary step of asking customers to stop using the software temporarily until it readied the patches. It issued fixes for "known vulnerabilities" in version 12.5 of the software on January 23 and fixes for versions 12.0 and 12.1 on Friday January 27.

Paden said that Symantec had contacted its customers and that it had not lost any customers. He said that if they were running up-to-date, patched versions they should not face increased risk.

Symantec also expects hackers to release other source code in their possession, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. "As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any disclosure," Paden said.

The emails over the $50,000 payoff was widely circulated, with some mocking the world's largest standalone security company for its apparent attempt to buy protection.

But the company said the emails were in fact between the hacker and law enforcement officials posing as a Symantec employee.

"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation," Paden said, adding that no money was paid.

Paden declined to name the law enforcement agency, saying it could compromise the investigation.

Symantec had previously confirmed the hacker, part of a group called Lords of Dharmaraja and affiliated with Anonymous, was in possession of source code for its products, obtained in a 2006 breach of the company's networks.

The email exchange released by the hacker, who claims to be based in Mumbai, India, shows drawn-out negotiations with a purported Symantec employee starting on January 18.

pastebin.com/GJEKf1T9

The email negotiations echoed conversations in past years, viewed by Reuters, in which police agencies directed talks between victims and hackers.

"We can't pay you $50,000 at once for the reasons we discussed previously," said one email from a purported Symantec employee Sam Thomas, who offered to pay the full amount at a later date.

"In exchange, you will make a public statement on behalf of your group that you lied about the hack."

A common tactic of the FBI and others investigating extortionists and kidnappers is to seek to break down the amount of money sought by the suspects into multiple smaller payments.

This stretches out the negotiation, giving authorities more insight into the suspect and more time in which to make an arrest. It also lessens the risk to any victim inclined to pay the entire amount demanded.

Most important, it creates more transactions, each one of which provides a trail of records and human beings that can be traced as the police seek their quarry.

The hacker said he never intended to take the money.

"We tricked them into offering us a bribe so we could humiliate them," YamaTough said.

In recent weeks, the hacker has posted segments of code for Norton Utilities and other programs. A software maker's intellectual property, specifically its source code, is its most precious asset.

Symantec's Norton Internet Security is among the most popular software available to stop viruses, spyware, and online identity theft.

© 2010 Arab News
 
.
My first reaction was that this hacker needs to get a life.

But then I realized that this might not be such a bad thing. By disclosing the source code to the public, he forces them to fix possible vulnerabilities. This is good because otherwise some Symantec employees and people with good connections will know about the vulnerabilities and might be able to exploit them for targeted spying. With the source code published, any vulnerabilities are out in the open and therefore Symantec is forced to fix them.
 
.
CIA will hire him now and pay him a huge salary
 
.
^^not really buddy...
once u have the source code ....u officially have the method they use to actively monitor traffic on ur node..

it like having the encryption algorithm to an encrypting device.it affectively gives out ur trade secret

eg--what methods does Symantic apply to track,log,monitor and update its recognition software.

Now what u will see is people bringing out totally free versions of Symantic like apps tht are better if not equal to symantic standards.
And Symantic cant make a dime off of it.
 
.
^^not really buddy...
once u have the source code ....u officially have the method they use to actively monitor traffic on ur node..

it like having the encryption algorithm to an encrypting device.it affectively gives out ur trade secret

eg--what methods does Symantic apply to track,log,monitor and update its recognition software.

Now what u will see is people bringing out totally free versions of Symantic like apps tht are better if not equal to symantic standards.
And Symantic cant make a dime off of it.


Good hackers are always in demand for the security forces :)

---------- Post added at 07:28 PM ---------- Previous post was at 07:27 PM ----------

BW Online | June 9, 2003 | Cyber Alert: Portrait of an Ex-Hacker
 
.
CIA will hire him now and pay him a huge salary

It would be the NSA as this is their domain.

---------- Post added at 01:45 AM ---------- Previous post was at 01:43 AM ----------

Good hackers are always in demand for the security forces :)

---------- Post added at 07:28 PM ---------- Previous post was at 07:27 PM ----------

BW Online | June 9, 2003 | Cyber Alert: Portrait of an Ex-Hacker

Mitnick no doubt in his heydays was a star though some in Russia especially the creators of Zeus gave major headaches to a lot of people around in the world.
 
. .
We have always had the talent, the country needs to exploit it before the guy gets a job in US.

Reverse the brain drain! If the most talented people in India migrate to an existing superpower, how then is India supposed to surpass this superpower?!
 
.
Reverse the brain drain! If the most talented people in India migrate to an existing superpower, how then is India supposed to surpass this superpower?!

It is the need of the hour for all developing countries.
 
.
yamatough sounds like a telugu name to me , haha yamatough u know what it means in telugu very very tough. He lived upto his name for sure.
 
. .

Pakistan Affairs Latest Posts

Back
Top Bottom