Saturday, February 11, 2012
Hackers release Symantec source code after extortion attempt fails
Hackers who claim to have stolen the source code of Symantec's pcAnywhere software have attempted to extort $50,000 from the anti-virus firm in exchange for keeping the code offline.
However, after negotiations broke down, the group uploaded the source code to The Pirate Bay. It has also released a log of the email exchange with Symantec -- but the virus-hunting firm has said that the emails were a sting operation, with law enforcement officials posing as a Symantec employee.
The email exchange is from January 2012 and kicks off with a hacker called YamaTough -- spokesperson of Indian hacker group Lords of Dharmaraja, which is affiliated with Anonymous' Op AntiSec. He's talking to a Symantec "employee" named Sam Thomas -- actually a law official, says Symantec.
At first, Thomas wants assurances that the hackers actually have their code. Thomas suggests uploading it using FTP. Yama thinks this is a trick -- "If you are trying to trace with the FTP trick it's just worthless," he says. "If we detect any malevolent tracing action we cancel the deal."
Yama threatens the anti-virus firm. "We have many people who are willing to get your code. Don't fuck with us."
The hacker asks Symantec to name a price. "How much do you consider enough to pay us in order to work all the issues out?" Stalling, Symantec asks how the money transfer will be made. Yama suggests payment processor Liberty Reserve, though "wire transfer to a bank account in Lithuania or Latvia is also an option."
"What assurances can you provide that once we pay, you will actually destroy the code and not ask for more money?" Thomas asks. "None of course," Yama bites back. "If we were really bad guys we would have already released or sold your code."
Symantec tries to make a smaller payment of $1,000 through PayPal to keep the hacker happy. Yama says no: "we can wait till we agree on final amount." So Thomas comes back with his final offer: "We will pay you $50,000.00 USD total." That's about £32,000.
The security software outfit suggests paying $2,500 a month for the first three months. If Symantec is convinced that the hackers have destroyed the code, and the hackers make a public statement to say that the hack was all a lie, the firm will pay over the rest.
Not good enough, says Yama. "I am afraid we have to cancel the whole deal because our offshore people won't let us securely get the money because they won't process amounts less than 50k a shot."
Yama has noticed that Mr. Symantec has stopped using his "@symantec.com" email address, and has adopted a Google Mail address. "Say hi to FBI agents," Yama says, perhaps twigging that this is a sting operation. "We are not in contact with the FBI," Thomas assures the hacker.
With negotiations breaking down, Yama says "we give you 10 minutes to decide which way you go or the two of your codes fly to the moon -- pcAnywhere and Norton Antivirus."
"We can't make a decision in ten minutes," says Thomas. "We need more time." The hacker group then proceeded to release a 1.27GB file as a torrent.
Symantec has said the version of the source code in the hackers' possession was from 2006, and no longer posed a threat to its customers even if the source code was released. After the hack was made public in January, the firm instructed its pcAnywhere users to disable the product, but it later declared it safe to use after offering free upgrades.
As for the hacker, YamaTough said he never intended to take the money. "We tricked them into offering us a bribe so we could humiliate them," the plucky young hacker told Reuters.