Symantec paid ‘Anonymous’ Hackers $50,000 to keep source code private

In a confirmation to CNET, Symantec paid $50,000 to hacker group Anonymous to keep the source code from its Security products off the Internet and reportedly they used a Gmail address. A Symantec employee negotiated payment with a hacker named Yamatough, which is also a Twitter handle of a person who previously threatened to make the source code of PCAnywhere and Norton Antivirus code public.

“We will pay you $50,000.00 USD total,” Thomas said in an e-mail dated Thursday. “However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.”

The discussion between Symantec and Hackers went for weeks and finally the individual Yamatough replied with

 “If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us.”

A Symantec representative confirmed the following to CNET

In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

Yamatough also warned Symantec of tracking/tracing the email

“If you are trying to trace with the ftp trick it’s just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You’ve got the doc files and pathes [sic] to the files. what’s the problem? Explain.”

The last exchange of emails were as follows

Hackers:  “Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we’ve made mirrors so it will be hard for you to get rid of it.”

Symantec: We can’t make a decision in ten minutes. We need more time.

Breaking: A 1.2GB file labeled “Symantec’s PCAnywhere Leaked Source Code” has been posted to The Pirate Bay.

http://pastebin.com/embed_iframe.php?i=GJEKf1T9

 

Source: Steven Musil, CNET 

Advertisements

Leave a Reply so we can Thank you

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: