A hacker released the source code of Symantec’s pcAnywhere software on Tuesday, after the company declined to pay the person US$50,000 in exchange for destroying the code.
The security vendor released a statement Tuesday confirming that its pcAnywhere source code had been posted online, and that it was part of the original cache of code for 2006 versions of products which were allegedly stolen by hacking group Anonymous in January. It added that it was prepared for the code to be posted at some point, and had developed and distributed a series of patches since Jan. 23 to protect pcAnywhere users against known vulnerabilities.
Additionally, Symantec is expecting Anonymous to post the rest of the code it claims to have in its possession, which includes the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security.
“As we have already stated publicly, this is old code and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products,” the company stated.
Symantec revealed in January that a network breach in 2006 was the cause of the eventual theft of its source code, reversing its earlier statement that the code was stolen from a third-party customer.
Negotiations broke down
In a separate report by Reuters Tuesday, Symantec also revealed that it had contacted a law enforcement agency, which had taken part in an e-mail negotiation with one of the hackers involved.
The e-mail exchange was released by the hacker, who calls himself YamaTough and claimed to be based in Mumbai, India. It shows drawn-out negotiations with a purported Symantec employee that date back to Jan. 18, the report noted. Symantec has since revealed the employee was actually a front for law enforcement officials.
“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation,” Cris Paden, a company spokesperson, told Reuters, adding that no money was paid.
Paden declined to name the law enforcement agency though, saying it could compromise the investigation, the report noted.
For his part, the hacker told Reuters that his participation had been a ruse: he was always going to publish the code and never intended to take the money. “We tricked them into offering us a bribe so we could humiliate them,” YamaTough said in the report.
Full email conversation between the hacker and Symantec – http://pastebin.com/GJEKf1T9