Hackers fail to extort $50,000 from Symantec, as pcAnywhere source code is published

Filed Under: Data loss, Featured, Law & order

Symantec has confirmed that a file made available on the internet for anyone to download, does contain the source code for an old version of its pcAnywhere product.

Symantec statement

For a short while last month, before releasing a patch, Symantec advised customers to disable their pcAnywhere installations because of concern that hackers could exploit vulnerabilities.

In addition, the firm says that in January someone claiming to be the hacker responsible for the data theft tried to extort $50,000 from the firm in exchange for not releasing Symantec's stolen source code.

Yama Tough, of the Anonymous-affiliated Lords of Dharmaraja hacking gang, posted what he claims was a chain of emails sent between himself and Symantec employee "Sam Thomas" negotiating the payment.

Email exchange

Symantec says that it never made any offers to meet the hackers' extortion demands and worked with law enforcement agencies. It seems quite possible (if not downright likely) that "Sam Thomas" wasn't a Symantec employee at all, but instead working for the FBI.

Eventually, Yama Tough lost patience and published the pcAnywhere source code.

pcAnywhere source code download

As well as pcAnywhere's source code being available for download from popular torrent websites, there could be further disclosures.

According to Symantec, hackers have so far posted code for the 2006 versions of Norton Utilities and pcAnywhere. The firm says that it is expecting source code to be published for other Symantec products:

"We also anticipate that at some point, they will post the code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. As we have already stated publicly, this is old code and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products."

SymantecWith customers reassured by Symantec that the illegal theft and distribution of the source code poses no increased risk, the company will be keen to put this episode behind it and move on.

Symantec seems to have done the right thing throughout this incident - investigating what occurred, and openly sharing with its users what it discovered about a security breach from years before.

Furthermore, they recognise that they have been victims of a criminal act and have called in the authorities to investigate and (one hopes) bring the culprits to justice.

, , , ,

You might like

7 Responses to Hackers fail to extort $50,000 from Symantec, as pcAnywhere source code is published

  1. UnFocused · 1342 days ago

    I just find it funny that the email goes to a gmail account instead of a corporate Symantec account. Something about that makes me wonder.

    • The initial email exchanges (from the non-hacker side) do appear to have come from a Symantec dot com address- they switched to gmail later.

  2. 6_Year_Itch · 1342 days ago

    I don't think Symantec had too much to lose in this situation. For one the have a strong hold on their part of the market. Also if they hackers were SO capable, why not release the code for the newest versions. The code from 6 years ago is probably not even close to what is used now, especially with Windows 7 changes. Sure somethings are probably still similar. I just wonder how they got it, an angry employee or some engineering in reverse/decryption. If it were an employee you would think it would be newer, why wait 6 years to release it out of anger. Most folks would have cooled down by then.
    Either way, most businesses that I run across usually ask an IT person's opinion about antivirus solutions or they pay them to do it.. I doubt any knowledgeable IT worker would think less of Symantec because of a weak extortion attempt. I applaud them for not giving in. At least one corporation thinks twice about wasting money or funding criminals.

    Symantec should release a statement saying something to the effect of "It took them 6 years to break old code, you need not worry" That would be funny.

    • Jason · 1341 days ago

      I think it traced back to some government's requirement to hold a copy of the source code. They didn't properly protect it and, BOOM!

  3. Michael · 1341 days ago

    But Anonymous and the 'Lords of Dharmaraja' weren't around in 2006 (at least not in their present form), so it's likely someone else compromised Symantec's network, stole the source code and passed it on. Also, today's 'hackers' wouldn't have kept quiet about it for six years.

    But what about the six years after Symantec got compromised? Were the original attackers still accessing the company's network undetected? What else did they have access to? Potentially we could be looking at an advanced threat capable of hiding a Trojan from all of Symantec's products released since 2006.

  4. Sharpear · 1341 days ago

    I am still curious why they would release the source code anyways?

    If I was that hacker. I would have exploitted the code myself, and left it a secret. By letting the cat out the bag, you cause companies to begin working on changing code, and it becomes worthless. Who really wants to read code from 2006, even my code has changed a lot in 6 years, and I don't even program on a daily basis anymore.

    Really Hackers now a days only want fame.

  5. Nico · 1339 days ago

    If all they stole was old source code.. then why did the Symantec Cloud service break down on feb 8th?? I believe there's more to this story than this... and symantec is not telling us everything... Maybe you guys can start an investigation like you did on the Koobface gang, but this time on Symantec? I would love to read that story!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley