Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Symantec verifies stolen source code posted by Anonymous is "legitimate"

Ellen Messmer | Feb. 8, 2012
Symantec is in an ongoing fight against hackers in the group Anonymous that last January attempted to extort a payment of around $50,000 from Symantec in exchange for not publicly posting stolen Symantec source code they had stolen for various older Symantec security products dating to 2006.

Symantec is in an ongoing fight against hackers in the group Anonymous that last January attempted to extort a payment of around $50,000 from Symantec in exchange for not publicly posting stolen Symantec source code they had stolen for various older Symantec security products dating to 2006.

Late yesterday, hackers did release the source code for an older version of Symantec's pcAnywhere and Norton Internet Security by uploading it to the Pirate bay website. Symantec confirms this is legitimate Symantec source code, and Symantec spokesman Chris Paden says the concern now is that other code that Anonymous claims to have in its possession will soon be posted as well.

"Be advised, we also anticipate Anonymous to post the rest of the code they have claimed to have in their possession. So far, they have posted code for the 2006 version of Norton Internet Security and pcAnywhere. We anticipate that at some point, they will post the code for Norton Antivirus Corporate Edition and Norton Systemworks. Both products no longer exist." Symantec foresees no immediate security issues if this source code is posted since neither is supported any longer.

Symantec says it has been in contact with law enforcement since it received the extortion attempt, and some of what appears to be a sting operation was evident in an e-mail string posted online by a person named Yamatough, a name similar to the Twitter handle of Yama Tough in Mumbai who is associated with the hacker group, Lords of Dharmaraja, that earlier claimed to have source code to some Symantec products.

E-mail purporting to come from "Sam Thomas," appearing to be a Symantec employee but using a Gmail address, offered to pay $50,000 but wanted assurances that the hacker wouldn't release the source code after payment. "Sam Thomas" offered to pay $2,500 a month for the first three months, with payments starting next week.

Yamatough apparently rejected that offer stating, "our offshore people won't let us securely get the money because they won't process amounts less than 50K a shot." He gave "Sam Thomas" 10 minutes to decide whether to pay, and "Sam Thomas" relayed he needed more time. After that, the source code to the older versions of pcAnywhere and Norton Antivirus was publicly posted.

Symantec's Chris Paden says the e-mail string posted by Anonymous was actually between them and a fake e-mail address set up by law enforcement. Symantec says after it got the extortion attempt in January, it contacted law enforcement "and turned the investigation over to them." So any e-mail communications seen in the drama unfolding have actually been between Anonymous and law enforcement agents - not Symantec. "This was all part of their investigative techniques for these type of incidents," Paden says.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.