Hacker Denied $50K Payout and Releases Source Code

A hacker released the source code of Symantec’s pcAnywhere software on Tuesday, after the company declined to pay US$50,000 in exchange for the code being destroyed.


The security vendor released a statement Tuesday confirming that its pcAnywhere source code had been posted online, and that it was part of the original cache of code for 2006 versions of products which were allegedly stolen by hacking group Anonymous in January. It added that it was prepared for the code to be posted at some point, and has developed and distributed a series of patches since Jan. 23 to protect pcAnywhere users against known vulnerabilities.

Additionally, Symantec is expecting Anonymous to post the rest of the code it claims to have in its possession, which includes the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security.

“As we have already stated publicly, this is old code and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products,” the company stated.

Symantec revealed in January that a network breach in 2006 was the cause of the eventual theft of its source code, reversing its earlier statement that the code was stolen from a third-party customer.

Negotiations broke down

In a separate report by Reuters Tuesday, Symantec also revealed that it had contacted a law enforcement agency, which had been involved in an e-mail negotiation with one of the hackers.

The e-mail exchange was released by the hacker, who called himself YamaTough and claimed to be based in Mumbai, India, and shows drawn-out negotiations with a purported Symantec employee that date back to Jan. 18, the report noted. Symantec has since revealed the employee was actually a front for law enforcement officials.

“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation,” Cris Paden, a company spokesperson, told Reuters, adding that no money was paid.

Paden declined to name the law enforcement agency though, saying it could compromise the investigation, the report noted.

On his end, the hacker told Reuters that his participation had been a ruse in that he was always going to publish the code and he never intended to take the money. “We tricked them into offering us a bribe so we could humiliate them,” YamaTough said in the report.


Full email conversation between the hacker and Symantec – http://pastebin.com/GJEKf1T9



